 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2016-2123 |
| Description: | A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation. |
| Test IDs: | 1.3.6.1.4.1.25623.1.1.13.2016.363.02 1.3.6.1.4.1.25623.1.0.703740 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-2123 1037493 http://www.securitytracker.com/id/1037493 94970 http://www.securityfocus.com/bid/94970 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123 https://www.samba.org/samba/security/CVE-2016-2123.html https://www.samba.org/samba/security/CVE-2016-2123.html |