CVE-2016-2123

NameCVE-2016-2123
DescriptionA flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-3740-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
samba (PTS)jessie, jessie (lts)2:4.2.14+dfsg-0+deb8u15fixed
stretch (security), stretch (lts), stretch2:4.5.16+dfsg-1+deb9u4fixed
buster2:4.9.5+dfsg-5+deb10u3fixed
buster (security)2:4.9.5+dfsg-5+deb10u5fixed
bullseye2:4.13.13+dfsg-1~deb11u5fixed
bullseye (security)2:4.13.13+dfsg-1~deb11u6fixed
bookworm (security), bookworm2:4.17.12+dfsg-0+deb12u1fixed
trixie2:4.19.6+dfsg-1fixed
sid2:4.19.6+dfsg-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sambasourcewheezy(not affected)
sambasourcejessie2:4.2.14+dfsg-0+deb8u2DSA-3740-1
sambasource(unstable)2:4.5.2+dfsg-2

Notes

[wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
https://www.samba.org/samba/security/CVE-2016-2123.html
Search for package or bug name: Reporting problems