Page 10 of 53 results (0.016 seconds)

CVSS: 5.1EPSS: 4%CPEs: 163EXPL: 0

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. Samba Web Administration Tool (SWAT) en Samba v3.x anterior a v3.5.21, v3.6.x anterior a v3.6.12, y v4.x anterior a v4.0.2 permite a atacantes remotos llevar a cabo attaques de clickjacking mediante un (1) FRAME o un (2) elemento IFRAME • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00042.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00033.html http://rhn.redhat.com/errata/RHSA-2013-1310.html http://rhn.redhat.com/errata/RHSA-2013-1542.html http://rhn.redhat.com/errata/RHSA-2014-0305.html http://www.debian.org/security/2013/dsa-2617 http:/ • CWE-20: Improper Input Validation •

CVSS: 5.1EPSS: 1%CPEs: 163EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el Samba Web Administration Tool (SWAT)en Samba v3.x anterior a v3.5.21, v3.6.x anterior a v3.6.12, y v4.x anterior a v4.0.2, permite a atacantes remotos secuestrar la autenticación de usuarios de su elección para aprovecharse de la contraseña y hacer peticiones que lleven a cabo acciones SWAT • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00042.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00033.html http://osvdb.org/89627 http://rhn.redhat.com/errata/RHSA-2013-1310.html http://rhn.redhat.com/errata/RHSA-2013-1542.html http://rhn.redhat.com/errata/RHSA-2014-0305.html http://www.debian.org/security&# • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 37EXPL: 0

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection. El (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, y (4) RemoveAccountRights LSA RPC procedimientos en smbd de Samba v3.4.x anterior a v3.4.17, v3.5.x anterior a v3.5.15 y v3.6.x anterior a v3.6.5 no restringe correctamente las modificaciones en la base de datos de privilegios, permitiendo a usuarios remotos autenticados obtener la "toma de posesión" de privilegios a través de una conexión LSA. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html http://marc.info/?l=bugtraq&m=134323086902585&w • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 81%CPEs: 144EXPL: 1

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. El generador de código RPC de Samba 3.x anteriores a 3.4.16, 3.5.x anteriores a 3.5.14, y 3.6.x anteriores a 3.6.4 no implementa la validación de una longitud de array de una manera consistente con la validación de la reserva de memoria del array, lo que permite a atacantes remotos ejecutar código arbitrario a través de una llamada RPC modificada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles ReportEventW requests. When parsing the data send in the request Samba uses the field 'strings' to create a heap allocation but then uses another field, 'num_of_strings', to write data to the allocation. • https://www.exploit-db.com/exploits/21850 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVSS: 2.6EPSS: 0%CPEs: 192EXPL: 0

The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547. La función check_mtab en client/mount.cifs.c en mount.cifs en smbfs en Samba v3.5.10 y anteriores no verifica correctamente que el (1) nombre del dispositivo y (2) las cadenas de punto de montaje se componen de caracteres válidos, lo que permite causar a los usuarios locales una denegación de servicio (corrupción de mtab) a través de una cadena de texto hecha a mano. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para el CVE-2.010-0547. • http://comments.gmane.org/gmane.linux.kernel.cifs/3827 http://git.samba.org/?p=cifs-utils.git%3Ba=commit%3Bh=1e7a32924b22d1f786b6f490ce8590656f578f91 http://openwall.com/lists/oss-security/2011/07/29/9 http://secunia.com/advisories/45798 http://www.mandriva.com/security/advisories?name=MDVSA-2011:148 http://www.redhat.com/support/errata/RHSA-2011-1220.html http://www.redhat.com/support/errata/RHSA-2011-1221.html http://www.securitytracker.com/id?1025984 https://bugzilla.redhat.com& • CWE-20: Improper Input Validation •