{"id":"CVE-2016-2126","details":"Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.","modified":"2026-04-16T06:17:04.450150377Z","published":"2017-05-11T14:29:58.077Z","related":["SUSE-SU-2016:3271-1","SUSE-SU-2016:3272-1","SUSE-SU-2016:3298-1","SUSE-SU-2016:3299-1","SUSE-SU-2016:3300-1","openSUSE-SU-2024:11365-1"],"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0494.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0744.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1265"},{"type":"ADVISORY","url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2016-2126.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0495.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0662.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94994"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1037495"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/samba-team/samba","events":[{"introduced":"df33344d8eb40221d60c99931690703a11d91bc2"},{"fixed":"09348d38684215a34b091dd98ea7df21fc07f32c"},{"introduced":"30812c414bb0ceb95abae08c35b94b2f97be4c5c"},{"fixed":"bb02ee99eadd74bf471d1fff9a2be24d1ba2a52d"},{"introduced":"916fab083a8cb5c10365da7f3a85d0bbfde4a30e"},{"fixed":"3da5d752a987ec1e60d7e773dfe44d38a91d8776"}],"database_specific":{"versions":[{"introduced":"4.0.0"},{"fixed":"4.3.13"},{"introduced":"4.4.0"},{"fixed":"4.4.8"},{"introduced":"4.5.0"},{"fixed":"4.5.3"}]}}],"versions":["samba-4.4.0","samba-4.4.1","samba-4.4.2","samba-4.4.3","samba-4.4.4","samba-4.4.7","samba-4.5.0","samba-4.5.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2126.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}