PT-2016-3329 · Samba Team+4 · Samba+3

Huzaifa S. Sidhpurwala · Published 2016-12-19 · Updated 2024-06-15 · CVE-2016-2123

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Samba versions 4.0.0 through 4.5.2

Description: A flaw in the Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. This routine parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects, making this a remote privilege escalation issue.

Recommendations: For Samba versions 4.0.0 through 4.5.2, consider restricting access to the dnsRecord attribute over LDAP to prevent exploitation until a patch is available. As a temporary workaround, limit the privileges of authenticated LDAP users to minimize the risk of remote privilege escalation.

Exploit

Fix

Heap Based Buffer Overflow

Buffer Overflow

Weakness Enumeration

Related identifiers

ALT-PU-2016-2465
ALT-PU-2016-2466
ALT-PU-2018-2488
ALT-PU-2018-2489
BDU:2021-01289
CVE-2016-2123
DSA-3740-1
ECHO-66D0-8AED-029E
OPENSUSE-SU-2024:11365-1
SUSE-SU-2016:3271-1
SUSE-SU-2016:3272-1
SUSE-SU-2016:3299-1
SUSE-SU-2016_3271-1
SUSE-SU-2016_3272-1
SUSE-SU-2016_3299-1
USN-3158-1
ZDI-17-053

Affected products

Alt Linux
Samba
Suse
Ubuntu