CVSS: 7.5EPSS: 97%CPEs: 5EXPL: 1CVE-2010-2063 – Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption
https://notcve.org/view.php?id=CVE-2010-2063
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. Desbordamiento de búfer en la implementación del paquete SMB1 en la función chain_reply en process.c en smbd en Samba v3.0.x anterior v3.3.13 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria o caída de demonio) o probablemente ejecutar código de su elección a través de un campo manipulado en un paquete. • https://www.exploit-db.com/exploits/16860 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://marc.info/?l=bugtraq&m=129138831608422&w=2 http://marc.info/?l=bugtraq&m=130835366526620&w=2 http://marc.info/?l=samba-announce&m=127668712312761&w=2 http://osvdb.org/65518 http://secunia.com/advisories/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.6EPSS: 0%CPEs: 123EXPL: 0CVE-2010-0547 – samba: mount.cifs improper device name and mountpoint strings sanitization
https://notcve.org/view.php?id=CVE-2010-0547
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. client/mount.cifs.c en mount.cifs en smbfs en Samba v3.4.5 y anteriores no verifica (1) el nombre de dispositivo (2) cadenas de puntos de montaje compuestas por varios caracteres lo que permite a usuarios locales causar una denegación de servicio (corrupción mtab) a través de una cadena manipulada. • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a065c177dfc8f968775593ba00dffafeebb2e054 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/39317 http://security.gentoo.org/glsa/glsa-201206-29.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:090 http://www.securityfocus.com/bid/38326 http://www.vupen.com/english/advisories/2010/1062 https://access. • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0CVE-2009-2906 – samba: infinite loop flaw in smbd on unexpected oplock break notification reply
https://notcve.org/view.php?id=CVE-2009-2906
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. smbd en Samba v3.0 anterior a v3.0.37, v3.2 anterior a v3.2.15, v3.3 anterior a v3.3.8 y v3.4 anterior a v3.4.2, permite a usuarios autenticados remotamente provocar una denegación de servicio (bucle infinito) a través de un paquete de notificación de respuesta "oplock break" imprevisto. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://news.samba.org/releases/3.0.37 http://news.samba.org/releases/3.2.15 http://news.samba.org/releases/3.3.8 http://news.samba.org/releases/3.4.2 http://osvdb.org/58519 http://samba.org/samba/security/CVE-2009-2906.html http://secunia.com/advisories/36893 http://secunia.com/advisories/36918 http:/&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 1.9EPSS: 0%CPEs: 4EXPL: 0CVE-2009-2948 – samba: information disclosure in suid mount.cifs
https://notcve.org/view.php?id=CVE-2009-2948
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option. mount.cifs en Samba v3.0 anterior a v3.0.37, v3.2 anterior a v3.2.15, v3.3 anterior a v3.3.8 y v3.4 anterior a v3.4.2, cuando mount.cifs es instalado con el suid root, no refuerza los permisos adecuadamente, lo que permite a usuarios locales leer parte del archivo de credenciales y obtener la contraseña especificando la ruta al archivo de credenciales y usando la opción --verbose o -v. • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://news.samba.org/releases/3.0.37 http://news.samba.org/releases/3.2.15 http://news.samba.org/releases/3.3.8 http://news.samba.org/releases/3.4.2 http://osvdb.org/58520 http://secunia.com/advisories/36893 http://secunia.com/advisories/36918 http://secunia.com/advisories/36937 http://secunia.com/advisories/36953 http://slackware.com/security/viewer.php?l=slackware-security&y=2009 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 97%CPEs: 6EXPL: 1CVE-2008-1105 – Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1105
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. Desbordamiento de búfer basado en montículo en la función receive_smb_raw de util/sock.c en Samba 3.0.0 hasta 3.0.29, permite a atacantes remotos ejecutar código de su elección a través de una respuesta SMB manipulada. • https://www.exploit-db.com/exploits/5712 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00000.html http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://secunia.com/advisories/30228 http://secunia.com/advisories/30385 http://secunia.com/advisories/30396 http://secunia.com/advisories/30442 http://secunia.com/advisories/30449 http://secunia.com/advisories/30478 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •