Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2016-2123

Date: November 1, 2018

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

Language: C

Severity Score

Related Resources (9)

http://www.securityfocus.com/bid/94970
https://nvd.nist.gov/vuln/detail/CVE-2016-2123
https://www.samba.org/samba/security/CVE-2016-2123.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123
https://security.alpinelinux.org/vuln/CVE-2016-2123
http://www.securitytracker.com/id/1037493
https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2123
https://security-tracker.debian.org/tracker/CVE-2016-2123
https://www.mend.io/vulnerability-database/CVE-2016-2123

Severity Score

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Heap-based Buffer Overflow

CWE-122

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us