Total
191 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0938 | 1 Samba | 1 Samba | 2017-10-09 | 5.0 MEDIUM | N/A |
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. | |||||
CVE-2014-8143 | 1 Samba | 1 Samba | 2017-09-07 | 8.5 HIGH | N/A |
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation. | |||||
CVE-2013-0454 | 3 Canonical, Ibm, Samba | 3 Ubuntu Linux, Storwize, Samba | 2017-08-28 | 4.0 MEDIUM | N/A |
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter. | |||||
CVE-2011-1678 | 1 Samba | 1 Samba | 2017-08-16 | 3.3 LOW | N/A |
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | |||||
CVE-2010-0787 | 1 Samba | 1 Samba | 2017-08-16 | 4.4 MEDIUM | N/A |
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. | |||||
CVE-2009-1886 | 1 Samba | 1 Samba | 2017-08-16 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. | |||||
CVE-2003-1332 | 2 Linux, Samba | 2 Linux Kernel, Samba | 2017-07-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201. | |||||
CVE-2004-0829 | 1 Samba | 1 Samba | 2017-07-10 | 5.0 MEDIUM | N/A |
smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2. | |||||
CVE-2013-6442 | 1 Samba | 1 Samba | 2017-01-06 | 5.8 MEDIUM | N/A |
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change. | |||||
CVE-2016-2112 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2016-12-30 | 4.3 MEDIUM | 5.9 MEDIUM |
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. | |||||
CVE-2016-2115 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2016-12-30 | 4.3 MEDIUM | 5.9 MEDIUM |
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. | |||||
CVE-2016-2114 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2016-12-30 | 4.3 MEDIUM | 5.9 MEDIUM |
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream. | |||||
CVE-2016-2113 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2016-12-30 | 5.8 MEDIUM | 7.4 HIGH |
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-3223 | 1 Samba | 1 Samba | 2016-12-30 | 5.0 MEDIUM | 5.3 MEDIUM |
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets. | |||||
CVE-2015-5330 | 1 Samba | 1 Samba | 2016-12-30 | 5.0 MEDIUM | 7.5 HIGH |
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value. | |||||
CVE-2016-2111 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2016-12-30 | 4.3 MEDIUM | 6.3 MEDIUM |
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. | |||||
CVE-2016-2110 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2016-12-30 | 4.3 MEDIUM | 5.9 MEDIUM |
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. | |||||
CVE-2016-0771 | 1 Samba | 1 Samba | 2016-12-02 | 4.9 MEDIUM | 5.9 MEDIUM |
The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. | |||||
CVE-2015-5370 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2016-12-02 | 4.3 MEDIUM | 5.9 MEDIUM |
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. | |||||
CVE-2013-4476 | 1 Samba | 1 Samba | 2015-03-02 | 1.2 LOW | N/A |
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller. |