CVE-2015-7513
https://notcve.org/view.php?id=CVE-2015-7513
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. arch/x86/kvm/x86.c en el kernel de Linux en versiones anteriores a 4.4 no reinicia los valores del contador PIT durante la restauración del estado, lo que permite a usuarios invitados del SO provocar una denegación de servicio (error de división por cero y caída del host del SO) a través del valor cero, relacionado con las funciones kvm_vm_ioctl_set_pit y kvm_vm_ioctl_set_pit2. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html http://www.debian.org/security/2016/dsa-3434 http://www.openwall.com/lists/oss-security/2016/01/07/2 http://www.securityfocus.com/bid/79901 ht • CWE-369: Divide By Zero •
CVE-2015-8467
https://notcve.org/view.php?id=CVE-2015-8467
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. La función samldb_check_user_account_control_acl en dsdb/samdb/ldb_modules/samldb.c en Samba 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3 no comprueba adecuadamente los privilegios administrativos durante la creación de cuentas de máquina, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso destinadas aprovechando la existencia de un dominio tanto con un Samba DC como con un Windows DC, un caso similar a CVE-2015-2535 • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html http://www.debian.org/security/2016/dsa-3433 http://www.securityfocus.com/bid/79735 http://www.securitytracker.com/id/1034493 • CWE-269: Improper Privilege Management •
CVE-2015-7540 – samba: DoS to AD-DC due to insufficient checking of asn1 memory allocation
https://notcve.org/view.php?id=CVE-2015-7540
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. El servidor LDAP en el controlador de dominio AD en Samba 4.x en versiones anteriores a 4.1.22 no comprueba los valores de retorno para asegurar que la asignación de memoria ASN.1 tuvo éxito, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de demonio) a través de paquetes manipulados. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. A remote attacker could exploit this flaw by sending a specially crafted packet, which could cause the server to consume an excessive amount of memory and crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://www.debian.org/security/2016/dsa-3433 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/79736 http://www.securitytracker.com/id/1034492 http://www.ubuntu.com/usn/USN-2855-1 http://w • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2015-5252 – samba: Insufficient symlink verification in smbd
https://notcve.org/view.php?id=CVE-2015-5252
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. vfs.c en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3, cuando existen nombres de recursos compartidos con ciertas relaciones de subcadenas, permite a atacantes remotos eludir las restricciones de acceso a archivos destinadas a través de un enlace simbólico que apunta fuera de un recurso compartido. An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce& • CWE-41: Improper Resolution of Path Equivalence CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-5296 – samba: client requesting encryption vulnerable to downgrade attack
https://notcve.org/view.php?id=CVE-2015-5296
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3 admite conexiones que están cifradas pero no firmadas, lo que permite a atacantes man-in-the-middle llevar a cabo un ataque de degradación de cifrado-a-descifrado modificando el flujo de datos cliente-servidor, relacionado con clidfs.c, libsmb_server.c y smbXcli_base.c. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce& • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •