Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2016-2123 | First vendor Publication | 2018-11-01 |
Vendor | Cve | Last vendor Modification | 2024-02-08 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 8.8 | ||
Base Score | 8.8 | Environmental Score | 8.8 |
impact SubScore | 5.9 | Temporal Score | 8.8 |
Exploitabality Sub Score | 2.8 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2123 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-122 | Heap-based Buffer Overflow (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2017-07-04 | Samba LDAP modify dnsRecord buffer overflow attempt RuleID : 43053 - Revision : 1 - Type : SERVER-SAMBA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-01-05 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-11.nasl - Type : ACT_GATHER_INFO |
2017-01-05 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-12.nasl - Type : ACT_GATHER_INFO |
2017-01-03 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-3299-1.nasl - Type : ACT_GATHER_INFO |
2016-12-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2016-363-02.nasl - Type : ACT_GATHER_INFO |
2016-12-28 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e4bc323fcc7311e6b704000c292e4fd8.nasl - Type : ACT_GATHER_INFO |
2016-12-27 | Name : The remote Samba server is affected by multiple vulnerabilities. File : samba_4_5_3.nasl - Type : ACT_GATHER_INFO |
2016-12-27 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-3271-1.nasl - Type : ACT_GATHER_INFO |
2016-12-27 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-3272-1.nasl - Type : ACT_GATHER_INFO |
2016-12-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3740.nasl - Type : ACT_GATHER_INFO |
2016-12-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-3158-1.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-08 09:28:10 |
|
2024-02-02 01:38:05 |
|
2024-02-01 12:10:47 |
|
2023-09-05 12:36:14 |
|
2023-09-05 01:10:34 |
|
2023-09-02 12:36:05 |
|
2023-09-02 01:10:48 |
|
2023-08-12 12:39:15 |
|
2023-08-12 01:10:15 |
|
2023-08-11 12:34:16 |
|
2023-08-11 01:10:33 |
|
2023-08-06 12:33:08 |
|
2023-08-06 01:10:15 |
|
2023-08-04 12:33:16 |
|
2023-08-04 01:10:19 |
|
2023-07-14 12:33:17 |
|
2023-07-14 01:10:17 |
|
2023-03-29 01:35:04 |
|
2023-03-28 12:10:36 |
|
2023-02-13 05:27:46 |
|
2022-10-11 12:29:48 |
|
2022-10-11 01:10:20 |
|
2022-08-30 00:27:32 |
|
2021-05-04 12:50:07 |
|
2021-04-22 02:01:04 |
|
2020-05-23 01:59:06 |
|
2020-05-23 00:50:14 |
|
2019-10-10 05:19:33 |
|
2019-07-24 12:02:29 |
|
2019-01-29 21:19:08 |
|
2018-11-02 13:20:48 |
|
2018-11-01 17:19:26 |
|