vulnerability
Arch Linux: Privilege escalation (CVE-2016-2126)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | May 11, 2017 | Jul 11, 2025 | Nov 27, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published
May 11, 2017
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
For the remote attack, the memory overwrite kills the main winbindd process and an authenticated attacker can construct this situation by watching for password changes in Samba.
One specific trigger occurs when winbindd changes its machine account password and the client has still a valid Kerberos ticket (that was encrypted with the old password).
For the remote attack, the memory overwrite kills the main winbindd process and an authenticated attacker can construct this situation by watching for password changes in Samba.
One specific trigger occurs when winbindd changes its machine account password and the client has still a valid Kerberos ticket (that was encrypted with the old password).
Solution
arch-linux-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.