From 78a14f9aebd72afa17b00c011046d4d49db1ceec Mon Sep 17 00:00:00 2001
From: "lpardo@redhat.com" <lpardo@redhat.com>
Date: Wed, 31 Oct 2018 16:40:33 -0300
Subject: [PATCH] CVE-2016-2123

---
 2016/2xxx/CVE-2016-2123.json | 94 ++++++++++++++++++++++++++++++------
 1 file changed, 78 insertions(+), 16 deletions(-)

diff --git a/2016/2xxx/CVE-2016-2123.json b/2016/2xxx/CVE-2016-2123.json
index b59e0999c2f..a1eb964faf3 100644
--- a/2016/2xxx/CVE-2016-2123.json
+++ b/2016/2xxx/CVE-2016-2123.json
@@ -1,18 +1,80 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2016-2123",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2016-2123",
+        "ASSIGNER": "lpardo@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "[UNKNOWN]",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "samba",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-122"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123",
+                "refsource": "CONFIRM"
+            },
+            {
+                "url": "https://www.samba.org/samba/security/CVE-2016-2123.html"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database.  Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+                    "version": "3.0"
+                }
+            ],
+            [
+                {
+                    "vectorString": "7.9/AV:A/AC:M/Au:N/C:C/I:C/A:C",
+                    "version": "2.0"
+                }
+            ]
+        ]
+    }
 }