#VU6632 Integer underflow in Samba - CVE-2016-2123
Published: May 23, 2017
Vulnerability identifier: #VU6632
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green
CVE-ID: CVE-2016-2123
CWE-ID: CWE-191
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Samba
Samba
Software vendor:
Samba
Samba
Description
The vulnerability allows a remote authenticated user to compromise vulnerable server.
The vulnerability exists due to integer underflow within ndr_pull_dnsp_name routine when processing dnsRecord attribute in LDAP requests. A remote authenticated attacker can send a specially crafted LDAP request to the affected server, trigger heap-based buffer overflow and execute arbitrary code on the target sever.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable server.
The vulnerability exists due to integer underflow within ndr_pull_dnsp_name routine when processing dnsRecord attribute in LDAP requests. A remote authenticated attacker can send a specially crafted LDAP request to the affected server, trigger heap-based buffer overflow and execute arbitrary code on the target sever.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable server.
Remediation
The vulnerability is patched in versions: 4.5.3, 4.4.8 and 4.3.13.