CVSS: 9.8EPSS: 2%CPEs: 188EXPL: 0CVE-2013-4408 – samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check
https://notcve.org/view.php?id=CVE-2013-4408
10 Dec 2013 — Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. Desbordamiento de búfer en la función dcerpc_read_ncacn_packet_done en librpc/rpc/dcerpc_util.c en winbindd en Samba 3.x anterior a 3.6.22, 4.0.x anterior a 4.0.13 y 4.1.x anterior a 4.1.3 que permite a los contro... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 2CVE-2012-6150 – samba: pam_winbind fails open when non-existent group specified to require_membership_of
https://notcve.org/view.php?id=CVE-2012-6150
03 Dec 2013 — The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake. La función winbind_name_list_to_sid_string_list en nsswitch/pam_winbind.c en Samba hasta v4.1.2 maneja nombres de grupo require_membership_... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 7%CPEs: 10EXPL: 0CVE-2013-4475 – samba: no access check verification on stream files
https://notcve.org/view.php?id=CVE-2013-4475
13 Nov 2013 — Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). Samba 3.x anteriores a 3.6.20, 4.0.x anteriores a 4.0.11, y 4.1.x anteriores a 4.1.1, cuando vfs_streams_depot o vfs_streams_xattr está activo, permite a atacantes remotos sortear restricciones de fichero aprovechando... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2013-4476 – Slackware Security Advisory - samba Updates
https://notcve.org/view.php?id=CVE-2013-4476
13 Nov 2013 — Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller. Samba 4.0.x anteriores a 4.0.11 y 4.1.x anteriores a 4.1.1, cuando LDAP o HTTP se proporcionan sobre SSL, utilizan permisos de lectura globales para una clave privada, lo cual permite a ususarios locales obtener... • http://lists.opensuse.org/opensuse-updates/2013-11/msg00083.html • CWE-310: Cryptographic Issues •