CVE-2016-2123Heap-based Buffer Overflow in Samba

CWE-122Heap-based Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.9%
top 24.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SambaDebian Samba
Timeline
PublishedNov 1
Latest updateMay 13

Description

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDsamba/samba4.3.04.3.13+5
debiandebian/samba< samba 2:4.5.2+dfsg-2 (bookworm)
Debiansamba/samba< 2:4.5.2+dfsg-2+3
Ubuntusamba/samba< 2:4.3.11+dfsg-0ubuntu0.14.04.4+1

Patches

Patch: www.samba.orgPatch: www.samba.org

🔴Vulnerability Details

3
GHSA
GHSA-m2v2-w4f9-rmq6: A flaw was found in samba versions 42022-05-13
OSV
CVE-2016-2123: A flaw was found in samba versions 42018-11-01
OSV
samba vulnerabilities2016-12-19

📋Vendor Advisories

3
Red Hat
samba: NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability (ZDI-CAN-3995)2016-12-19
Ubuntu
Samba vulnerabilities2016-12-19
Debian
CVE-2016-2123: samba - A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dn...2016

📄Research Papers

1
arXiv
Analyzing the Perceived Severity of Cybersecurity Threats Reported on Social Media2019-05-03

💬Community

1
Bugzilla
CVE-2016-2123 samba: NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability (ZDI-CAN-3995)2016-11-08