{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-12-19T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-10T13:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.samba.org/samba/security/CVE-2016-2126.html"}, {"name": "1037495", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037495"}, {"name": "RHSA-2017:0495", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0495.html"}, {"name": "RHSA-2017:0494", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0494.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730"}, {"name": "RHSA-2017:1265", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1265"}, {"name": "94994", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94994"}, {"name": "RHSA-2017:0744", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0744.html"}, {"name": "RHSA-2017:0662", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0662.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2126", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.samba.org/samba/security/CVE-2016-2126.html", "refsource": "CONFIRM", "url": "https://www.samba.org/samba/security/CVE-2016-2126.html"}, {"name": "1037495", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037495"}, {"name": "RHSA-2017:0495", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0495.html"}, {"name": "RHSA-2017:0494", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0494.html"}, {"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730"}, {"name": "RHSA-2017:1265", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1265"}, {"name": "94994", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94994"}, {"name": "RHSA-2017:0744", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0744.html"}, {"name": "RHSA-2017:0662", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0662.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:17:50.562Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.samba.org/samba/security/CVE-2016-2126.html"}, {"name": "1037495", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037495"}, {"name": "RHSA-2017:0495", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0495.html"}, {"name": "RHSA-2017:0494", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0494.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730"}, {"name": "RHSA-2017:1265", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1265"}, {"name": "94994", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94994"}, {"name": "RHSA-2017:0744", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0744.html"}, {"name": "RHSA-2017:0662", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0662.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-2126", "datePublished": "2017-05-11T14:01:00.000Z", "dateReserved": "2016-01-29T00:00:00.000Z", "dateUpdated": "2024-08-05T23:17:50.562Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFC5F77B-9D76-42B9-BB16-CA3A2DD00766", "versionEndExcluding": "4.3.13", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A963A86-CAF4-4882-B9DC-E9C7CDA2764C", "versionEndExcluding": "4.4.8", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "6044E13A-532E-403E-AA23-4A77771D2094", "versionEndExcluding": "4.5.3", "versionStartIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions."}, {"lang": "es", "value": "Samba versiones 4.0.0 hasta 4.5.2, es vulnerable a la elevaci\u00f3n de privilegios debido al manejo incorrecto de la suma de comprobaci\u00f3n PAC (Certificado de Atributo de Privilegio). Un atacante autenticado y remoto puede hacer que el proceso winbindd se bloquee usando un ticket de Kerberos leg\u00edtimo. Un servicio local con acceso a la tuber\u00eda con privilegios de winbindd puede hacer que winbindd almacene en cach\u00e9 los permisos de acceso elevados."}], "id": "CVE-2016-2126", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-11T14:29:58.077", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0494.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0495.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0662.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0744.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94994"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037495"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1265"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2016-2126.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0494.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0495.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0662.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0744.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2016-2126.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0662", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba-0:3.6.23-41.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-03-21T00:00:00Z"}, {"advisory": "RHSA-2017:0744", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba4-0:4.2.10-9.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-03-21T00:00:00Z"}, {"advisory": "RHSA-2017:1265", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.4.4-13.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-05-22T00:00:00Z"}, {"advisory": "RHSA-2017:0494", "cpe": "cpe:/a:redhat:storage:3.2:samba:el6", "package": "samba-0:4.4.6-4.el6rhs", "product_name": "Red Hat Gluster Storage 3.2 for RHEL 6", "release_date": "2017-03-23T00:00:00Z"}, {"advisory": "RHSA-2017:0495", "cpe": "cpe:/a:redhat:storage:3.2:samba:el7", "package": "samba-0:4.4.6-4.el7rhgs", "product_name": "Red Hat Gluster Storage 3.2 for RHEL 7", "release_date": "2017-03-23T00:00:00Z"}], "bugzilla": {"description": "samba: Flaws in Kerberos PAC validation can trigger privilege elevation", "id": "1403115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403115"}, "csaw": false, "cvss": {"cvss_base_score": "2.3", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "3.5", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "verified"}, "details": ["Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.", "A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process."], "name": "CVE-2016-2126", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "samba3x", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2016-12-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-2126\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2126\nhttps://www.samba.org/samba/security/CVE-2016-2126.html"], "threat_severity": "Moderate"}

{}