CVSS: 10.0EPSS: 97%CPEs: 96EXPL: 2CVE-2015-0240 – Samba < 3.6.2 (x86) - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2015-0240
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. La implentación del servidor Netlogon en smbd en Samba 3.5.x y 3.6.x anterior a 3.6.25, 4.0.x anterior a 4.0.25, 4.1.x anterior a 4.1.17, y 4.2.x anterior a 4.2.0rc5 realiza una operación libre sobre un puntero de pila no inicializado, lo que permite a atacantes remotos ejecutar código arbitrario a través de paquetes Netlogon manipulados que utilizan la API RPC ServerPasswordSet, tal y como fue demostrado mediante paquetes alcanzando la función _netr_ServerPasswordSet en rpc_server/netlogon/srv_netlog_nt.c. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). • https://www.exploit-db.com/exploits/36741 http://advisories.mageia.org/MGASA-2015-0084.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html http://lists.opensuse.org/opensuse- • CWE-17: DEPRECATED: Code CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3EPSS: 5%CPEs: 52EXPL: 0CVE-2014-0244 – samba: nmbd denial of service
https://notcve.org/view.php?id=CVE-2014-0244
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. La función sys_recvfrom en nmbd en Samba 3.6.x anterior a 3.6.24, 4.0.x anterior a 4.0.19 y 4.1.x anterior a 4.1.9 permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un paquete UDP malformado. A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time. • http://advisories.mageia.org/MGASA-2014-0279.html http://linux.oracle.com/errata/ELSA-2014-0866.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://rhn.redhat.com/errata/RHSA-2014-0866.html http://secunia.com/advisories/59378 http://secunia.com/advisories/59407 http://secunia.com/advisories/59433 http://secunia.com/advisories/59579 http://secunia.com/advisories/598 • CWE-20: Improper Input Validation •
CVSS: 2.7EPSS: 2%CPEs: 52EXPL: 0CVE-2014-3493 – samba: smbd unicode path names denial of service
https://notcve.org/view.php?id=CVE-2014-3493
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference. La función push_ascii en smbd en Samba 3.6.x anterior a 3.6.24, 4.0.x anterior a 4.0.19 y 4.1.x anterior a 4.1.9 permite a usuarios remotos autenticados causar una denegación de servicio (corrupción de memoria y caída de demonio) a través de in intento de leer un nombre de ruta Unicode sin especificar el uso de Unicode, que conduce a un fallo de conversión de configuración de carácter que provoca una referencia a puntero inválida. It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash. • http://advisories.mageia.org/MGASA-2014-0279.html http://linux.oracle.com/errata/ELSA-2014-0866.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://rhn.redhat.com/errata/RHSA-2014-0866.html http://secunia.com/advisories/59378 http://secunia.com/advisories/59407 http://secunia.com/advisories/59433 http://secunia.com/advisories/59579 http://secunia.com/advisories/598 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-393: Return of Wrong Status Code •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2013-4496 – samba: Password lockout not enforced for SAMR password changes
https://notcve.org/view.php?id=CVE-2013-4496
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. Samba 3.x anterior a 3.6.23, 4.0.x anterior a 4.0.16 y 4.1.x anterior a 4.1.6 no fuerza el mecanismo de protección de adivinación de contraseña para todas las interfaces, lo que facilita a atacantes remotos obtener acceso a través de intentos de fuerza bruta de ChangePasswordUser2 (1) SAMR o (2) RAP. • http://advisories.mageia.org/MGASA-2014-0138.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html http://rhn. • CWE-255: Credentials Management Errors •
CVSS: 8.3EPSS: 0%CPEs: 188EXPL: 0CVE-2013-4408 – samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check
https://notcve.org/view.php?id=CVE-2013-4408
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. Desbordamiento de búfer en la función dcerpc_read_ncacn_packet_done en librpc/rpc/dcerpc_util.c en winbindd en Samba 3.x anterior a 3.6.22, 4.0.x anterior a 4.0.13 y 4.1.x anterior a 4.1.3 que permite a los controladores de dominio de AD remotos ejecutar código arbitrario a través de una longitud erroenea de los fragmentos de un paquete de DCE-RPC. • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00063. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •