CVSS: 6.0EPSS: 0%CPEs: 78EXPL: 0CVE-2009-2813 – Samba: Share restriction bypass via home-less directory user account(s)
https://notcve.org/view.php?id=CVE-2009-2813
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. Samba 3.4 en versiones anteriores a 3.4.2, 3.3 en versiones anteriores a 3.3.8, 3.2 en versiones anteriores a 3.2.15 y 3.0.12 hasta la versión 3.0.36, como es utilizado en el subsistema SMB en Apple Mac OS X 10.5.8 cuando Windows File Sharing está habilitado, Fedora 11 y otros sistemas operativos, no maneja adecuadamente errores al resolver nombres de ruta, lo que permite a usuarios remotos autenticados eludir las restricciones previstas para los recursos compartidos así como, leer, crear o modificar archivos, en determinadas circunstancias que involucran a las cuentas de usuario que carecen de directorios de inicio. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=126514298313071&w=2 http://news.samba.org/releases/3.0.37 http://news.samba.org/releases/3.2.15 http://news.samba.org/releases/3.3.8 http://news.samba.org/releases/3.4.2 http://osvdb.org/57955 http://secunia.com/advisories/36701 http://secunia.com/advisories/36893 http://se • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 97%CPEs: 6EXPL: 1CVE-2008-1105 – Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1105
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. Desbordamiento de búfer basado en montículo en la función receive_smb_raw de util/sock.c en Samba 3.0.0 hasta 3.0.29, permite a atacantes remotos ejecutar código de su elección a través de una respuesta SMB manipulada. • https://www.exploit-db.com/exploits/5712 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00000.html http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://secunia.com/advisories/30228 http://secunia.com/advisories/30385 http://secunia.com/advisories/30396 http://secunia.com/advisories/30442 http://secunia.com/advisories/30449 http://secunia.com/advisories/30478 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 97%CPEs: 61EXPL: 1CVE-2007-6015 – Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6015
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. Desbordamiento de búfer basado en pila en la función send_mailslot de nmbd en Samba 3.0.0 hasta 3.0.27a, cuando la opción "inicios de sesión de dominio" está habilitada, permite a atacantes remotos ejecutar código de su elección mediante una petición de ranura de buzón GETDC compuesta de una cadena larga GETDC a la que sigue un nombre de usuario en una petición de inicio de sesión SAMLOGON. • https://www.exploit-db.com/exploits/4732 http://bugs.gentoo.org/show_bug.cgi?id=200773 http://docs.info.apple.com/article.html?artnum=307430 http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000005.html http://marc.info/?l=bugtraq&m=120524782005154&w=2 http://secunia.com/advisories/27760 http://secunia.com/advisories/27894 http://secunia.com/advisories/27977 http://secunia.com/advisories/27993&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 11%CPEs: 48EXPL: 0CVE-2007-4572 – samba buffer overflow
https://notcve.org/view.php?id=CVE-2007-4572
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. Desbordamiento de búfer basado en pila en el nmbd del Samba 3.0.0 hasta el 3.0.26a, cuando está configurado como controlador Primario ("Primary ") o Dominio de Seguridad ("Backup Domain"), permite a atacantes remotos tener un impacto desconocido a través de peticiones modificadas GETDC mailslot, relacionada con el manejo de las peticiones de autenticación de servidor GETDC. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://marc.info/?l=bugtraq&m=120524782005154&w=2 http://secunia.com/advisories/27450 http://secunia.com/advisories/27679 http://secunia.com/advisories/27682 http://secunia.com/advisories/27691 http://secunia.com/advisories/27701 http://secunia.com/advisories/27720 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 95%CPEs: 48EXPL: 0CVE-2007-5398 – Samba "reply_netbios_packet()" Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-5398
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. Desbordamiento de búfer basado en pila en la función reply_netbios_packet en el nmbd/nmbd_packets.c del nmbd en el Samba 3.0.0 hasta el 3.0.26a, cuando opera como un servidor WINS, permite a atacantes remotos ejecutar código de su elección a través de peticiones modificadas del registro de nombres WINS seguidas de una petición de consultas de nombre WINS. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://marc.info/?l=bugtraq&m=120524782005154&w=2 http://secunia.com/advisories/27450 http://secunia.com/advisories/27679 http://secunia.com/advisories/27682 http://secunia.com/advisories/27691 http://secunia.com/advisories/27701 http://secunia.com/advisories/27720 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •