CVSS: 5.9EPSS: 0%CPEs: 251EXPL: 0CVE-2016-2110 – samba: Man-in-the-middle attacks possible with NTLMSSP authentication
https://notcve.org/view.php?id=CVE-2016-2110
12 Apr 2016 — The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. La implementación de autenticación NTLMSSP en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x e... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 6.3EPSS: 0%CPEs: 251EXPL: 0CVE-2016-2111 – samba: Spoofing vulnerability when domain controller is configured
https://notcve.org/view.php?id=CVE-2016-2111
12 Apr 2016 — The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. El servicio NETLOGON en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en ver... • http://badlock.org • CWE-254: 7PK - Security Features CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.9EPSS: 0%CPEs: 251EXPL: 0CVE-2016-2112 – samba: Missing downgrade detection
https://notcve.org/view.php?id=CVE-2016-2112
12 Apr 2016 — The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. El paquete de la librería cliente LDAP en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no reconoce el ajuste "client ldap sasl wra... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.9EPSS: 1%CPEs: 69EXPL: 0CVE-2016-0771 – Ubuntu Security Notice USN-2922-1
https://notcve.org/view.php?id=CVE-2016-0771
08 Mar 2016 — The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. El servidor DNS interno en Samba 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores ... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2015-7560 – samba: Incorrect ACL get/set allowed on symlink path
https://notcve.org/view.php?id=CVE-2015-7560
08 Mar 2016 — The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. La implementación de SMB1 en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4 ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 22%CPEs: 57EXPL: 0CVE-2015-3223 – libldb: Remote DoS in Samba (AD) LDAP server
https://notcve.org/view.php?id=CVE-2015-3223
29 Dec 2015 — The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets. La función ldb_wildcard_compare en ldb_match.c en ldb en versiones anteriores a 1.1.24, como se utiliza en el servidor AD LDAP en Samba 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-189: Numeric Errors CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.2EPSS: 1%CPEs: 9EXPL: 1CVE-2015-5252 – samba: Insufficient symlink verification in smbd
https://notcve.org/view.php?id=CVE-2015-5252
29 Dec 2015 — vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. vfs.c en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3, cuando existen nombres de recursos compartidos con ciertas relaciones de subcadenas, permite a at... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-41: Improper Resolution of Path Equivalence CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2015-5296 – samba: client requesting encryption vulnerable to downgrade attack
https://notcve.org/view.php?id=CVE-2015-5296
29 Dec 2015 — Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3 admite conexiones que están cifradas pero no firmadas, lo... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2015-5299 – Samba: Missing access control check in shadow copy code
https://notcve.org/view.php?id=CVE-2015-5299
29 Dec 2015 — The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. La función shadow_copy2_get_shadow_copy_data en modules/vfs_shadow_copy2.c en Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8467 – Gentoo Linux Security Advisory 201612-47
https://notcve.org/view.php?id=CVE-2015-8467
29 Dec 2015 — The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. La función samldb_check_user_account_control_acl en dsdb/samdb/ldb_modul... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html • CWE-269: Improper Privilege Management •