CVSS: 8.3EPSS: 91%CPEs: 8EXPL: 0CVE-2010-3069 – Samba: Stack-based buffer overflow by processing specially-crafted SID records
https://notcve.org/view.php?id=CVE-2010-3069
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share. Un desbordamiento de búfer basado en pila en las funciones (1) sid_parse y (2) dom_sid_parse en Samba anterior a v3.5.5 permite a los atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código a su elección a través de Windows Security ID (SID) manipulados en un fichero compartido. • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://lists.opensuse.org/opensuse-sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.0EPSS: 29%CPEs: 104EXPL: 1CVE-2010-1635
https://notcve.org/view.php?id=CVE-2010-1635
The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. La función chain_reply de process.c de smbd de Samba anterior a v3.4.8, y v3.5.x anterior a v3.5.2 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo -NULL- y caída del proceso) mediante una solicitud de negociación de protocolo (Negotiate Protocol) con determinado valor de campo 0x003 seguido de una solicitud Session Setup AndX con determinado valor de campo 0x8003. • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=25452a2268ac7013da28125f3df22085139af12d http://samba.org/samba/history/samba-3.4.8.html http://samba.org/samba/history/samba-3.5.2.html http://security-tracker.debian.org/tracker/CVE-2010-1635 http://www.mandriva.com/security/advisories?name=MDVSA-2010:141 http://www.securityfocus.com/bid/40097 http://www.stratsec.net/Research/Advisories/Samba-Multiple-DoS-Vulnerabilities-%28SS-2010-005%29 http://www.vupen.com/english/advisories/2010&# •
CVSS: 5.0EPSS: 26%CPEs: 104EXPL: 1CVE-2010-1642
https://notcve.org/view.php?id=CVE-2010-1642
The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. La función reply_sesssetup_and_X_spnego de sesssetup.c de smbd de Samba anterior a v3.4.8, y v3.5.x anterior a v3.5.2, permite a atacantes remotos provocar una lectura fuera de rango y ocasionar una denegación de servicio (caída del proceso), a través de una longitud blob -binary large object- de seguridad \xff\xff en una solicitud Session Setup AndX. • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=9280051bfba337458722fb157f3082f93cbd9f2b http://samba.org/samba/history/samba-3.4.8.html http://samba.org/samba/history/samba-3.5.2.html http://security-tracker.debian.org/tracker/CVE-2010-1642 http://www.mandriva.com/security/advisories?name=MDVSA-2010:141 http://www.securityfocus.com/bid/40097 http://www.stratsec.net/Research/Advisories/Samba-Multiple-DoS-Vulnerabilities-%28SS-2010-005%29 http://www.vupen.com/english/advisories/2010&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 97%CPEs: 5EXPL: 1CVE-2010-2063 – Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption
https://notcve.org/view.php?id=CVE-2010-2063
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. Desbordamiento de búfer en la implementación del paquete SMB1 en la función chain_reply en process.c en smbd en Samba v3.0.x anterior v3.3.13 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria o caída de demonio) o probablemente ejecutar código de su elección a través de un campo manipulado en un paquete. • https://www.exploit-db.com/exploits/16860 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://marc.info/?l=bugtraq&m=129138831608422&w=2 http://marc.info/?l=bugtraq&m=130835366526620&w=2 http://marc.info/?l=samba-announce&m=127668712312761&w=2 http://osvdb.org/65518 http://secunia.com/advisories/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0787 – samba: Race condition by mount (mount.cifs) operations
https://notcve.org/view.php?id=CVE-2010-0787
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. client/mount.cifs.c en mount.cifs en smbfs en Samba v3.0.22, v3.0.28a, v3.2.3, v3.3.2, v3.4.0, and v3.4.5 permite a usuarios locales montar un CIFS compartido en un punto de montaje arbitrario y ganar privilegios, a través de un ataque de enlace simbólico en un fichero del directorio del punto de montaje. • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5 http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034444.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034470.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/38286 http://secunia.com/advisories/38308 http://secunia.com/advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') •