CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0CVE-2009-2906 – samba: infinite loop flaw in smbd on unexpected oplock break notification reply
https://notcve.org/view.php?id=CVE-2009-2906
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. smbd en Samba v3.0 anterior a v3.0.37, v3.2 anterior a v3.2.15, v3.3 anterior a v3.3.8 y v3.4 anterior a v3.4.2, permite a usuarios autenticados remotamente provocar una denegación de servicio (bucle infinito) a través de un paquete de notificación de respuesta "oplock break" imprevisto. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://news.samba.org/releases/3.0.37 http://news.samba.org/releases/3.2.15 http://news.samba.org/releases/3.3.8 http://news.samba.org/releases/3.4.2 http://osvdb.org/58519 http://samba.org/samba/security/CVE-2009-2906.html http://secunia.com/advisories/36893 http://secunia.com/advisories/36918 http:/&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 1.9EPSS: 0%CPEs: 4EXPL: 0CVE-2009-2948 – samba: information disclosure in suid mount.cifs
https://notcve.org/view.php?id=CVE-2009-2948
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option. mount.cifs en Samba v3.0 anterior a v3.0.37, v3.2 anterior a v3.2.15, v3.3 anterior a v3.3.8 y v3.4 anterior a v3.4.2, cuando mount.cifs es instalado con el suid root, no refuerza los permisos adecuadamente, lo que permite a usuarios locales leer parte del archivo de credenciales y obtener la contraseña especificando la ruta al archivo de credenciales y usando la opción --verbose o -v. • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://news.samba.org/releases/3.0.37 http://news.samba.org/releases/3.2.15 http://news.samba.org/releases/3.3.8 http://news.samba.org/releases/3.4.2 http://osvdb.org/58520 http://secunia.com/advisories/36893 http://secunia.com/advisories/36918 http://secunia.com/advisories/36937 http://secunia.com/advisories/36953 http://slackware.com/security/viewer.php?l=slackware-security&y=2009 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.0EPSS: 0%CPEs: 78EXPL: 0CVE-2009-2813 – Samba: Share restriction bypass via home-less directory user account(s)
https://notcve.org/view.php?id=CVE-2009-2813
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. Samba 3.4 en versiones anteriores a 3.4.2, 3.3 en versiones anteriores a 3.3.8, 3.2 en versiones anteriores a 3.2.15 y 3.0.12 hasta la versión 3.0.36, como es utilizado en el subsistema SMB en Apple Mac OS X 10.5.8 cuando Windows File Sharing está habilitado, Fedora 11 y otros sistemas operativos, no maneja adecuadamente errores al resolver nombres de ruta, lo que permite a usuarios remotos autenticados eludir las restricciones previstas para los recursos compartidos así como, leer, crear o modificar archivos, en determinadas circunstancias que involucran a las cuentas de usuario que carecen de directorios de inicio. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=126514298313071&w=2 http://news.samba.org/releases/3.0.37 http://news.samba.org/releases/3.2.15 http://news.samba.org/releases/3.3.8 http://news.samba.org/releases/3.4.2 http://osvdb.org/57955 http://secunia.com/advisories/36701 http://secunia.com/advisories/36893 http://se • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 13EXPL: 1CVE-2009-1886 – Samba 3.3.5 - Format String / Security Bypass
https://notcve.org/view.php?id=CVE-2009-1886
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. Múltiples vulnerabilidades de formato de cadena en client/client.c en smbclient en Samba v3.2.0 hasta v3.2.12 podría permitir dependiendo del contexto a atacantes ejecutar código de su elección a través del formato de cadena especificado en un nombre de fichero. • https://www.exploit-db.com/exploits/33053 http://secunia.com/advisories/35539 http://secunia.com/advisories/35573 http://secunia.com/advisories/35606 http://secunia.com/advisories/36918 http://www.debian.org/security/2009/dsa-1823 http://www.mandriva.com/security/advisories?name=MDVSA-2009:196 http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch http://www.samba.org/samba/security/CVE-2009-1886.html http://www.securityfocus.com/bid/35472&# • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 2CVE-2009-1888 – Samba improper file access
https://notcve.org/view.php?id=CVE-2009-1888
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. La función acl_group_override en smbd/posix_acls.c en smbd en Samba v3.0.x anterior a v3.0.35, v3.1.x y v3.2.x anterior a v3.2.13, y v3.3.x anterior 3.3.6, cuando el modo de fichero dos está habilitado, permite a atacantes remotos modificar la lista de control de acceso para ficheros a través de vectores relacionados con acceso de lectura a memoria sin inicializar. • http://secunia.com/advisories/35539 http://secunia.com/advisories/35573 http://secunia.com/advisories/35606 http://secunia.com/advisories/36918 http://wiki.rpath.com/Advisories:rPSA-2009-0145 http://www.debian.org/security/2009/dsa-1823 http://www.mandriva.com/security/advisories?name=MDVSA-2009:196 http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch http:&# • CWE-264: Permissions, Privileges, and Access Controls •