CVE-2016-2123
Severity CVSS v4.0:
Pending analysis
Type:
CWE-122
Heap-based Buffer Overflow
Publication date:
01/11/2018
Last modified:
08/02/2024
Description
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 4.0.0 (including) | 4.0.26 (including) |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 4.1.0 (including) | 4.1.23 (including) |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 4.2.0 (including) | 4.2.14 (including) |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 4.3.0 (including) | 4.3.13 (excluding) |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 4.4.0 (including) | 4.4.8 (excluding) |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 4.5.0 (including) | 4.5.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page