VuXML ID | Description |
a4f08579-516c-11e3-9b62-000c292e4fd8 | samba -- ACLs are not checked on opening an alternate data stream on a file or directory
The Samba project reports:
Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x,
3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying
file or directory ACL when opening an alternate data stream.
According to the SMB1 and SMB2+ protocols the ACL on an underlying
file or directory should control what access is allowed to alternate
data streams that are associated with the file or directory.
Discovery 2013-06-12 Entry 2013-11-19
samba34 gt 0
samba35 gt 0
samba36 gt 3.6.* lt 3.6.20
samba4 gt 4.0.* lt 4.0.11
samba41 gt 4.1.* lt 4.1.1
CVE-2013-4475
http://www.samba.org/samba/security/CVE-2013-4475
|
e4bc323f-cc73-11e6-b704-000c292e4fd8 | samba -- multiple vulnerabilities
Samba team reports:
[CVE-2016-2123] Authenticated users can supply malicious dnsRecord attributes
on DNS objects and trigger a controlled memory corruption.
[CVE-2016-2125] Samba client code always requests a forwardable ticket
when using Kerberos authentication. This means the target server, which must be in the current or trusted
domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to
fully impersonate the authenticated user or service.
[CVE-2016-2126] A remote, authenticated, attacker can cause the winbindd process
to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum.
A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
Discovery 2016-12-19 Entry 2016-12-26 Modified 2016-12-26
samba36 ge 3.6.0 le 3.6.25_4
samba4 ge 4.0.0 le 4.0.26
samba41 ge 4.1.0 le 4.1.23
samba42 ge 4.2.0 le 4.2.14
samba43 ge 4.3.0 lt 4.3.13
samba44 ge 4.4.0 lt 4.4.8
samba45 ge 4.5.0 lt 4.5.3
CVE-2016-2123
https://www.samba.org/samba/security/CVE-2016-2123.html
CVE-2016-2125
https://www.samba.org/samba/security/CVE-2016-2125.html
CVE-2016-2126
https://www.samba.org/samba/security/CVE-2016-2126.html
|
613e45d1-6154-11e3-9b62-000c292e4fd8 | samba -- multiple vulnerabilities
The Samba project reports:
These are security releases in order to address CVE-2013-4408
(DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150
(pam_winbind login without require_membership_of restrictions).
Discovery 2012-06-12 Entry 2013-12-11
samba34 gt 0
samba35 gt 0
samba36 gt 3.6.* lt 3.6.22
samba4 gt 4.0.* lt 4.0.13
samba41 gt 4.1.* lt 4.1.3
CVE-2012-6150
CVE-2013-4408
http://www.samba.org/samba/security/CVE-2012-6150
http://www.samba.org/samba/security/CVE-2013-4408
|
03e48bf5-a96d-11e3-a556-3c970e169bc2 | samba -- multiple vulnerabilities
Samba project reports:
In Samba's SAMR server we neglect to ensure that attempted
password changes will update the bad password count, nor set
the lockout flags. This would allow a user unlimited attempts
against the password by simply calling ChangePasswordUser2
repeatedly.
This is available without any other authentication.
smbcacls can remove a file or directory ACL by mistake.
Discovery 2014-03-11 Entry 2014-03-11
samba34 gt 0
samba35 gt 0
samba36 gt 3.6.* lt 3.6.23
samba4 gt 4.0.* lt 4.0.16
samba41 gt 4.1.* lt 4.1.6
CVE-2013-4496
CVE-2013-6442
http://www.samba.org/samba/security/CVE-2013-4496
http://www.samba.org/samba/security/CVE-2013-6442
|
996c219c-bbb1-11e4-88ae-d050992ecde8 | samba -- Unexpected code execution in smbd
Samba development team reports:
All versions of Samba from 3.5.0 to 4.2.0rc4 are
vulnerable to an unexpected code execution vulnerability
in the smbd file server daemon.
A malicious client could send packets that may set up the
stack in such a way that the freeing of memory in a
subsequent anonymous netlogon packet could allow execution
of arbitrary code. This code would execute with root
privileges.
Discovery 2015-02-23 Entry 2015-02-23
samba4 ge 4.0.0 lt 4.0.25
samba41 ge 4.1.0 lt 4.1.17
samba36 ge 3.6.0 lt 3.6.25
CVE-2015-0240
https://www.samba.org/samba/security/CVE-2015-0240
|
baf37cd2-8351-11e1-894e-00215c6a37bb | samba -- "root" credential remote code execution
Samba development team reports:
Samba versions 3.6.3 and all versions previous to this
are affected by a vulnerability that allows remote code
execution as the "root" user from an anonymous connection.
As this does not require an authenticated connection it
is the most serious vulnerability possible in a program,
and users and vendors are encouraged to patch their Samba
installations immediately.
Discovery 2012-04-10 Entry 2012-04-10
samba34 gt 3.4.* lt 3.4.16
samba35 gt 3.5.* lt 3.5.14
samba36 gt 3.6.* lt 3.6.4
CVE-2012-1182
|
e21c7c7a-0116-11e3-9e83-3c970e169bc2 | samba -- denial of service vulnerability
The Samba project reports:
All current released versions of Samba are vulnerable to
a denial of service on an authenticated or guest connection.
A malformed packet can cause the smbd server to loop the CPU
performing memory allocations and preventing any further service.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
if guest connections are allowed.
Discovery 2013-08-05 Entry 2013-08-09 Modified 2013-08-09
samba34 gt 0
samba35 gt 0
samba36 gt 3.6.* lt 3.6.17
samba4 gt 4.0.* lt 4.0.8
CVE-2013-4124
http://www.samba.org/samba/security/CVE-2013-4124
|
0fa15e08-92ec-11e1-a94a-00215c6a37bb | samba -- incorrect permission checks vulnerability
The Samba project reports:
Samba versions 3.4.x to 3.6.4 inclusive are affected
by a vulnerability that allows arbitrary users to modify
privileges on a file server.
Security checks were incorrectly applied to the Local
Security Authority (LSA) remote procedure calls (RPC)
CreateAccount, OpenAccount, AddAccountRights and
RemoveAccountRights allowing any authenticated user
to modify the privileges database.
This is a serious error, as it means that authenticated
users can connect to the LSA and grant themselves the
"take ownership" privilege. This privilege is used by the
smbd file server to grant the ability to change ownership
of a file or directory which means users could take ownership
of files or directories they do not own.
Discovery 2012-04-30 Entry 2012-04-30
samba34 gt 3.4.* lt 3.4.17
samba35 gt 3.5.* lt 3.5.15
samba36 gt 3.6.* lt 3.6.5
CVE-2012-2111
|
2826317b-10ec-11e7-944e-000c292e4fd8 | samba -- symlink race allows access outside share definition
Samba team reports:
A time-of-check, time-of-use race condition
can allow clients to access non-exported parts
of the file system via symlinks.
Discovery 2017-03-23 Entry 2017-03-24
samba36 ge 3.6.0 le 3.6.25_4
samba4 ge 4.0.0 le 4.0.26
samba41 ge 4.1.0 le 4.1.23
samba42 ge 4.2.0 le 4.2.14
samba43 ge 4.3.0 le 4.3.13
samba44 ge 4.4.0 lt 4.4.12
samba45 ge 4.5.0 lt 4.5.7
samba46 ge 4.6.0 lt 4.6.1
https://www.samba.org/samba/security/CVE-2017-2619.html
CVE-2017-2619
|
6ad309d9-fb03-11e3-bebd-000c2980a9f3 | samba -- multiple vulnerabilities
The Samba project reports:
A malformed packet can cause the nmbd server to loop the CPU and
prevent any further NetBIOS name service.
Valid unicode path names stored on disk can cause smbd to
crash if an authenticated client attempts to read them
using a non-unicode request.
Discovery 2014-06-23 Entry 2014-06-23
samba36 < 3.6.24
samba4 < 4.0.19
samba41 < 4.1.9
CVE-2014-0244
CVE-2014-3493
https://www.samba.org/samba/security/CVE-2014-0244
https://www.samba.org/samba/security/CVE-2014-3493
|
a636fc26-00d9-11e6-b704-000c292e4fd8 | samba -- multiple vulnerabilities
Samba team reports:
[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service
(crashes and high CPU consumption) and man in the middle attacks.
[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected.
A man in the middle is able to clear even required flags, especially
NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.
[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote
attackers to spoof the computer name of a secure channel's endpoints, and obtain
sensitive session information, by running a crafted application and leveraging
the ability to sniff network traffic.
[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections
to no integrity protection.
[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP
connections (with ldaps://) and ncacn_http connections (with https://).
[CVE-2016-2114] Due to a bug Samba doesn't enforce required SMB signing, even if explicitly configured.
[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is
the default for most of the file server related protocols) is inherited from the underlying SMB connection.
[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic
between a client and a server in order to impersonate the client and get the same privileges
as the authenticated user account. This is most problematic against Active Directory domain controllers.
Discovery 2016-04-12 Entry 2016-04-12 Modified 2016-04-12
samba36 ge 3.6.0 le 3.6.25_3
samba4 ge 4.0.0 le 4.0.26
samba41 ge 4.1.0 le 4.1.23
samba42 ge 4.2.0 lt 4.2.11
samba43 ge 4.3.0 lt 4.3.8
samba44 ge 4.4.0 lt 4.4.2
CVE-2015-5370
https://www.samba.org/samba/security/CVE-2015-5370.html
CVE-2016-2110
https://www.samba.org/samba/security/CVE-2016-2110.html
CVE-2016-2111
https://www.samba.org/samba/security/CVE-2016-2111.html
CVE-2016-2112
https://www.samba.org/samba/security/CVE-2016-2112.html
CVE-2016-2113
https://www.samba.org/samba/security/CVE-2016-2113.html
CVE-2016-2114
https://www.samba.org/samba/security/CVE-2016-2114.html
CVE-2016-2115
https://www.samba.org/samba/security/CVE-2016-2115.html
CVE-2016-2118
https://www.samba.org/samba/security/CVE-2016-2118.html
|
ef434839-a6a4-11e5-8275-000c292e4fd8 | samba -- multiple vulnerabilities
Samba team reports:
[CVE-2015-3223] Malicious request can cause Samba LDAP server to hang, spinning using CPU.
[CVE-2015-5330] Malicious request can cause Samba LDAP server
to return uninitialized memory that should not be part of the reply.
[CVE-2015-5296] Requesting encryption should also request
signing when setting up the connection to protect against man-in-the-middle attacks.
[CVE-2015-5299] A missing access control check in the VFS
shadow_copy2 module could allow unauthorized users to access snapshots.
[CVE-2015-7540] Malicious request can cause Samba LDAP server to crash.
[CVE-2015-8467] Samba can expose Windows DCs to MS15-096
Denial of service via the creation of multiple machine accounts (The Microsoft issue is CVE-2015-2535).
[CVE-2015-5252] Insufficient symlink verification could allow data access outside share path.
Discovery 2015-12-16 Entry 2015-12-19 Modified 2016-02-05
samba36 ge 3.6.0 lt 3.6.25_2
samba4 ge 4.0.0 le 4.0.26
samba41 ge 4.1.0 lt 4.1.22
samba42 ge 4.2.0 lt 4.2.7
samba43 ge 4.3.0 lt 4.3.3
ldb ge 1.0.0 lt 1.1.24
CVE-2015-3223
https://www.samba.org/samba/security/CVE-2015-3223.html
CVE-2015-5252
https://www.samba.org/samba/security/CVE-2015-5252.html
CVE-2015-5296
https://www.samba.org/samba/security/CVE-2015-5296.html
CVE-2015-5299
https://www.samba.org/samba/security/CVE-2015-5299.html
CVE-2015-5330
https://www.samba.org/samba/security/CVE-2015-5330.html
CVE-2015-7540
https://www.samba.org/samba/security/CVE-2015-7540.html
CVE-2015-8467
https://www.samba.org/samba/security/CVE-2015-8467.html
|