Published: 01/11/2018 Updated: 08/02/2024

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
samba samba

Several security issues were fixed in Samba ...

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-2119 Stefan Metzmacher discovered that client-side SMB2/3 required signing can be downgraded, allowing a man-in-the-middle attacker to imper ...

The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption By default, all authenticated LDAP users can write to ...

CWE-122 https://www.samba.org/samba/security/CVE-2016-2123.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123 http://www.securitytracker.com/id/1037493 http://www.securityfocus.com/bid/94970 https://usn.ubuntu.com/3158-1/https://nvd.nist.gov

CVE-2016-2123

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect