Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2123

Опубликовано: 19 дек. 2016
Источник: redhat
CVSS3: 8.1
CVSS2: 7.9

Описание

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

Отчет

Red Hat Enterprise Linux 5, 6 and 7 are not affected by this flaw because we do not ship Samba with the AD DNS Server, which is the vulnerable component.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5sambaNot affected
Red Hat Enterprise Linux 5samba3xNot affected
Red Hat Enterprise Linux 6sambaNot affected
Red Hat Enterprise Linux 6samba4Not affected
Red Hat Enterprise Linux 7sambaNot affected
Red Hat Gluster Storage 3.1sambaNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1392702samba: NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability (ZDI-CAN-3995)

8.1 High

CVSS3

7.9 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2123

CVSS3: 8.8
ubuntu
больше 7 лет назад

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

nvd логотип

CVE-2016-2123

CVSS3: 8.8
nvd
больше 7 лет назад

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

debian логотип

CVE-2016-2123

CVSS3: 8.8
debian
больше 7 лет назад

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine n ...

github логотип

GHSA-m2v2-w4f9-rmq6

CVSS3: 8.8
github
больше 3 лет назад

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

fstec логотип

BDU:2021-01289

CVSS3: 8.8
fstec
больше 7 лет назад

Уязвимость парсера ndr_pull_dnsp_name пакета программ сетевого взаимодействия Samba, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

8.1 High

CVSS3

7.9 High

CVSS2