CVE-2016-2126

MEDIUM

Description

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.

References

http://rhn.redhat.com/errata/RHSA-2017-0494.html

http://rhn.redhat.com/errata/RHSA-2017-0495.html

http://rhn.redhat.com/errata/RHSA-2017-0662.html

http://rhn.redhat.com/errata/RHSA-2017-0744.html

http://www.securityfocus.com/bid/94994

http://www.securitytracker.com/id/1037495

https://access.redhat.com/errata/RHSA-2017:1265

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730

https://www.samba.org/samba/security/CVE-2016-2126.html

Details

Source: MITRE

Published: 2017-05-11

Updated: 2018-05-11

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.24:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.25:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.26:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.16:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.17:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.18:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.19:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.20:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.21:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.22:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.23:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.0:rc4:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.2.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.3.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.0:rc1:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.0:rc2:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.0:rc3:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.4.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.5.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.5.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.5.2:*:*:*:*:*:*:*

Tenable Plugins

View all (37 total)

IDNameProductFamilySeverity
127327NewStart CGSL MAIN 4.05 : samba4 Multiple Vulnerabilities (NS-SA-2019-0100)NessusNewStart CGSL Local Security Checks
critical
127320NewStart CGSL MAIN 4.05 : samba Multiple Vulnerabilities (NS-SA-2019-0096)NessusNewStart CGSL Local Security Checks
critical
109920Pulse Policy Secure Multiple Vulnerabilities (SA43730)NessusMisc.
low
109919Pulse Connect Secure Multiple Vulnerabilities (SA43730)NessusMisc.
low
101469Virtuozzo 7 : ctdb / ctdb-tests / libsmbclient / etc (VZLSA-2017-1265)NessusVirtuozzo Local Security Checks
medium
100698EulerOS 2.0 SP2 : samba (EulerOS-SA-2017-1105)NessusHuawei Local Security Checks
critical
100697EulerOS 2.0 SP1 : samba (EulerOS-SA-2017-1104)NessusHuawei Local Security Checks
critical
100554Amazon Linux AMI : samba (ALAS-2017-834) (SambaCry)NessusAmazon Linux Local Security Checks
critical
100350Scientific Linux Security Update : samba on SL7.x x86_64 (20170522)NessusScientific Linux Local Security Checks
medium
100346RHEL 7 : samba (RHSA-2017:1265)NessusRed Hat Local Security Checks
medium
100344Oracle Linux 7 : samba (ELSA-2017-1265)NessusOracle Linux Local Security Checks
medium
100329CentOS 7 : samba (CESA-2017:1265)NessusCentOS Local Security Checks
medium
99225Scientific Linux Security Update : samba on SL6.x i386/x86_64 (20170321)NessusScientific Linux Local Security Checks
medium
99224Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20170321)NessusScientific Linux Local Security Checks
medium
99072Oracle Linux 6 : samba4 (ELSA-2017-0744)NessusOracle Linux Local Security Checks
medium
99069Oracle Linux 6 : samba (ELSA-2017-0662)NessusOracle Linux Local Security Checks
medium
97960CentOS 6 : samba4 (CESA-2017:0744)NessusCentOS Local Security Checks
medium
97957CentOS 6 : samba (CESA-2017:0662)NessusCentOS Local Security Checks
medium
97931RHEL 7 : Gluster Storage (RHSA-2017:0495)NessusRed Hat Local Security Checks
medium
97930RHEL 6 : Gluster Storage (RHSA-2017:0494)NessusRed Hat Local Security Checks
medium
97884RHEL 6 : samba4 (RHSA-2017:0744)NessusRed Hat Local Security Checks
medium
97880RHEL 6 : samba (RHSA-2017:0662)NessusRed Hat Local Security Checks
medium
96361Fedora 24 : 2:samba (2017-d0a537062c)NessusFedora Local Security Checks
medium
9857Samba 4.3.x < 4.3.13 / 4.4.x < 4.4.8 / 4.5.x < 4.5.3 Multiple VulnerabilitiesNessus Network MonitorSamba
high
96294openSUSE Security Update : samba (openSUSE-2017-12)NessusSuSE Local Security Checks
medium
96293openSUSE Security Update : samba (openSUSE-2017-11)NessusSuSE Local Security Checks
medium
96262SUSE SLES11 Security Update : samba (SUSE-SU-2016:3300-1)NessusSuSE Local Security Checks
medium
96261SUSE SLES12 Security Update : samba (SUSE-SU-2016:3299-1)NessusSuSE Local Security Checks
medium
96260SUSE SLES11 Security Update : samba (SUSE-SU-2016:3298-1)NessusSuSE Local Security Checks
medium
96166Slackware 14.2 / current : samba (SSA:2016-363-02)NessusSlackware Local Security Checks
medium
96164FreeBSD : samba -- multiple vulnerabilities (e4bc323f-cc73-11e6-b704-000c292e4fd8)NessusFreeBSD Local Security Checks
medium
96149SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:3272-1)NessusSuSE Local Security Checks
medium
96148SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:3271-1)NessusSuSE Local Security Checks
medium
96142Samba 4.3.x < 4.3.13 / 4.4.x < 4.4.8 / 4.5.x < 4.5.3 Multiple VulnerabilitiesNessusMisc.
medium
96108Fedora 25 : 2:samba (2016-364f61377b)NessusFedora Local Security Checks
medium
95949Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : samba vulnerabilities (USN-3158-1)NessusUbuntu Local Security Checks
medium
95936Debian DSA-3740-1 : samba - security updateNessusDebian Local Security Checks
medium