Lucene search

K
cve[email protected]CVE-2016-2123
HistoryNov 01, 2018 - 1:29 p.m.

CVE-2016-2123

2018-11-0113:29:00
CWE-119
CWE-122
web.nvd.nist.gov
109
samba
cve-2016-2123
remote privilege escalation
integer wrap problem
memory overwrite
ldap
nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.948 High

EPSS

Percentile

99.3%

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

Affected configurations

Vulners
NVD
Node
redhatredhat_package_managerRange4.0.04.5.2

CNA Affected

[
  {
    "product": "samba",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.0.0 to 4.5.2"
      }
    ]
  }
]

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.948 High

EPSS

Percentile

99.3%