CVE-2016-2126

MEDIUM

Samba < 4.3.13 - Access Control

Title source: rule

Description

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.

References (9)

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2017-0494.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2017-0495.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2017-0662.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2017-0744.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94994

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037495

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1265

[Third Party Advisory] https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730

[Vendor Advisory] https://www.samba.org/samba/security/CVE-2016-2126.html

Scores

CVSS v3 6.5

EPSS 0.0468

EPSS Percentile 89.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-264

Status published

Products (2)

samba/samba < 4.3.13

n/a/n/a

Published May 11, 2017

Tracked Since Feb 18, 2026