CVE-2016-2126 : Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Att

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.

Published 2017-05-11 14:29:58

Updated 2022-08-29 20:02:24

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-2126

Probability of exploitation activity in the next 30 days: 0.44%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-2126

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-2126

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-2126

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730

Pulse Security Advisory: SA43730 - 2018-04 Security Bulletin: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0R1 and vTM 18.1
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2017-0744.html

RHSA-2017:0744 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/94994

Samba CVE-2016-2126 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1037495

Samba Lets Remote Authenticated Users Cause the Target 'winbindd' Service to Crash - SecurityTracker
Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2017:1265

RHSA-2017:1265 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://www.samba.org/samba/security/CVE-2016-2126.html

Samba - Security Announcement Archive
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2017-0495.html

RHSA-2017:0495 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2017-0494.html

RHSA-2017:0494 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2017-0662.html

RHSA-2017:0662 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2016-2126

Samba » Samba
Versions from including (>=) 4.5.0 and before (<) 4.5.3
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions
Samba » Samba
Versions from including (>=) 4.4.0 and before (<) 4.4.8
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions
Samba » Samba
Versions from including (>=) 4.0.0 and before (<) 4.3.13
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-2126

Exploit prediction scoring system (EPSS) score for CVE-2016-2126

CVSS scores for CVE-2016-2126

CWE ids for CVE-2016-2126

References for CVE-2016-2126

Products affected by CVE-2016-2126