CVE-2016-2123


A flaw was found in Samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.


Published

2018-11-01T13:29:00.363

Last Modified

2024-11-21T02:47:52.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

  • Primary: CWE-122
  • Secondary: CWE-119

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | samba | samba | ≤ 4.0.26 | Yes |
| Application | samba | samba | ≤ 4.1.23 | Yes |
| Application | samba | samba | ≤ 4.2.14 | Yes |
| Application | samba | samba | < 4.3.13 | Yes |
| Application | samba | samba | < 4.4.8 | Yes |
| Application | samba | samba | < 4.5.3 | Yes |