vulnerability

Samba CVE-2016-2126: Flaws in Kerberos PAC validation can trigger privilege elevation.

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:N/A:P)	Dec 20, 2016	Dec 20, 2016	May 5, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:P)

Published

Dec 20, 2016

Added

Dec 20, 2016

Modified

May 5, 2025

Description

A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.

Solution(s)

samba-upgrade-4_3_13samba-upgrade-4_4_8samba-upgrade-4_5_3

References

CVE-2016-2126
https://attackerkb.com/topics/CVE-2016-2126
URL-http://www.samba.org/samba/security/CVE-2016-2126.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today