VDB
CVE-2016-2123
CVE-2016-2123
PUBLISHED
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.
EPSS 0.86% · 75.5th percentile
Risk Scores
EPSS Score
0.86%
75.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | samba | 0, 2:4.1.20+dfsg-1ubuntu2, 2:4.1.20+dfsg-1ubuntu3 |
| Ubuntu:14.04:LTS | samba | *, 2:4.1.6+dfsg-1ubuntu2.14.04.9, 2:4.1.6+dfsg-1ubuntu2.14.04.11 |
Timeline
- Dec 19, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-2123 third-party-advisory
- https://www.samba.org/samba/security/CVE-2016-2123.html third-party-advisory
- https://ubuntu.com/security/notices/USN-3158-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-2123 third-party-advisory