CVE-2015-5296 – samba: client requesting encryption vulnerable to downgrade attack
https://notcve.org/view.php?id=CVE-2015-5296
29 Dec 2015 — Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity
CVE-2015-5299 – Samba: Missing access control check in shadow copy code
https://notcve.org/view.php?id=CVE-2015-5299
29 Dec 2015 — The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization
CVE-2015-8467 – Gentoo Linux Security Advisory 201612-47
https://notcve.org/view.php?id=CVE-2015-8467
29 Dec 2015 — The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html • CWE-269: Improper Privilege Management
CVE-2015-5330 – libldb: remote memory read in the Samba LDAP server
https://notcve.org/view.php?id=CVE-2015-5330
29 Dec 2015 — ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html • CWE-135: Incorrect Calculation of Multi-Byte String Length CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7540 – samba: DoS to AD-DC due to insufficient checking of asn1 memory allocation
https://notcve.org/view.php?id=CVE-2015-7540
29 Dec 2015 — The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2015-0240 – Samba < 3.6.2 (x86) - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2015-0240
23 Feb 2015 — The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. • https://packetstorm.news/files/id/180975 • CWE-17: DEPRECATED: Code CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8143 – Slackware Security Advisory - samba Updates
https://notcve.org/view.php?id=CVE-2014-8143
17 Jan 2015 — Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-3560 – samba: remote code execution in nmbd
https://notcve.org/view.php?id=CVE-2014-3560
01 Aug 2014 — NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0244 – samba: nmbd denial of service
https://notcve.org/view.php?id=CVE-2014-0244
23 Jun 2014 — The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. A denial of service flaw was found in... • http://advisories.mageia.org/MGASA-2014-0279.html • CWE-20: Improper Input Validation
CVE-2014-3493 – samba: smbd unicode path names denial of service
https://notcve.org/view.php?id=CVE-2014-3493
23 Jun 2014 — The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference. • http://advisories.mageia.org/MGASA-2014-0279.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-393: Return of Wrong Status Code