Page 12 of 59 results (0.013 seconds)

CVSS: 10.0EPSS: 96%CPEs: 34EXPL: 4

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). Múltiples desbordamientos de búfer en la región heap de la memoria en el análisis NDR en smbd en Samba versión 3.0.0 hasta 3.0.25rc3 permiten que los atacantes remotos ejecuten código arbitrario por medio de peticiones MS-RPC creadas que involucran (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), o (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_name). This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarLookupSids/LsarLookupSids2, heap allocation is calculated based on user input. • https://www.exploit-db.com/exploits/9950 https://www.exploit-db.com/exploits/16859 https://www.exploit-db.com/exploits/16875 https://www.exploit-db.com/exploits/16329 http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 52EXPL: 0

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. Una vulnerabilidad de cadena de formato en el módulo VFS afsacl.so en Samba versión 3.0.6 hasta 3.0.23d permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de especificadores de cadena de formato en un nombre de archivo sobre un sistema de archivos AFS, que no se maneja apropiadamente durante la asignación ACL de Windows. • http://osvdb.org/33101 http://secunia.com/advisories/24021 http://secunia.com/advisories/24046 http://secunia.com/advisories/24060 http://secunia.com/advisories/24067 http://secunia.com/advisories/24101 http://secunia.com/advisories/24145 http://secunia.com/advisories/24151 http://securitytracker.com/id?1017588 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 http://us1.samba.org/samba/security/CVE-2007-0454.html http://www. • CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0

smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. smbd en Samba 3.0.6 hasta 3.0.23d permite a usuarios autenticados remotamente provocar una denegación de servicio (agotamiento de memoria y CPU) renombrando un archivo de una forma que previene que una petición sea eliminada de la cola abierta referenciada, lo cual dispara un bucle infinito. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://fedoranews.org/cms/node/2579 http://fedoranews.org/cms/node/2580 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00943462 http://lists.suse.com/archive/suse-security-announce/2007-Feb/0002.html http://osvdb.org/33100 http://secunia.com/advisories/24021 http://secunia.com/advisories/24030 http://secunia.com/advisories/24046 http://secunia.com/advisories/24060 http://sec •

CVSS: 5.0EPSS: 17%CPEs: 27EXPL: 0

The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. El demonio smdb (smbd/service.c) en Samba versiones 3.0.1 hasta la 3.0.22, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un gran número de peticiones de conexión compartida. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/20980 http://secunia.com/advisories/20983 http://secunia.com/advisories/21018 http://secunia.com/advisories/21019 http://secunia.com/advisories/21046 http://secunia.com/advisories/21086 http://secunia.com/advisories/21143 http://secunia.com/advisories&#x •