CVE-2009-0022
https://notcve.org/view.php?id=CVE-2009-0022
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. Samba v3.2.0 hasta v3.2.6, cuando el registro de acciones está habilitado, permite a usuarios autenticados remotamente acceder al sistema de ficheros raíz a través de una petición de conexión manipulada que especifica un nombre de recurso compartido en blanco. • http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch http://osvdb.org/51152 http://secunia.com/advisories/33379 http://secunia.com/advisories/33392 http://secunia.com/advisories/33431 http://www.mandriva.com/security/advisories?name=MDVSA-2009:042 http://www.samba.org/samba/security/CVE-2009-0022.html http://www.securityfocus.com/bid/33118 http://www.securitytracker.com/id?1021513 http://www.vupen.com/english/advisories/2009/0017 https: • CWE-20: Improper Input Validation •
CVE-2008-4314
https://notcve.org/view.php?id=CVE-2008-4314
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. Una vulnerabilidad en smbd en versiones de Samba desde la 3.0.29 hasta la 3.2.4 podría permitir a atacantes remotos leer zonas arbitrarias de memoria y causar una denegación de servicio a través de peticiones modificadas de (1)trans, (2) trans2, y (3) nttrans. Esta vulnerabilidad está relacionada con un error "cortado y pegado" que causa un control de límites inadecuado. • http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://marc.info/?l=bugtraq&m=125003356619515&w=2 http://osvdb.org/50230 http://secunia.com/advisories/32813 http://secunia.com/advisories/32919 http://secunia.com/advisories/32951 http://secunia.com/advisories/32968 http://secunia.com/advisories/36281 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684 http://sunsolve.sun.com/search/document.do?assetkey=1-26- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •