CVE-2016-2123

Published on: 11/01/2018 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:15 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Samba contain the following vulnerability:

A flaw was found in Samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

  • CVE-2016-2123 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: [UNKNOWN] - Samba versions 4.0.0 to 4.5.2

CVSS3 Score: 8.8 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 6.5 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

  • Samba CVE-2016-2123 Heap Based Buffer Overflow Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Link: cve.report (archive), BID 94970
  • Samba - Security Announcement Archive
    Tags: Patch, Vendor Advisory
    Link: www.samba.org, CONFIRM www.samba.org/samba/security/CVE-2016-2123.html
  • Samba Buffer Overflow in ndr_pull_dnsp_name() Lets Remote Authenticated Users Execute Arbitrary Code - SecurityTracker
    Tags: Third Party Advisory, VDB Entry
    Link: www.securitytracker.com, SECTRACK 1037493
  • 1392702 – (CVE-2016-2123) CVE-2016-2123 samba: NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability (ZDI-CAN-3995)
    Tags: Issue Tracking
    Link: bugzilla.redhat.com, CONFIRM bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123

Known Affected Configurations (CPE V2.3)

  • Type: Application
  • Vendor: Samba
  • Product: Samba
  • Version: All
  • Update: All
  • Edition: All
  • Language: All
  • cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*