CVSS: 6.0EPSS: 0%CPEs: 78EXPL: 0CVE-2009-2813 – Samba: Share restriction bypass via home-less directory user account(s)
https://notcve.org/view.php?id=CVE-2009-2813
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. Samba 3.4 en versiones anteriores a 3.4.2, 3.3 en versiones anteriores a 3.3.8, 3.2 en versiones anteriores a 3.2.15 y 3.0.12 hasta la versión 3.0.36, como es utilizado en el subsistema SMB en Apple Mac OS X 10.5.8 cuando Windows File Sharing está habilitado, Fedora 11 y otros sistemas operativos, no maneja adecuadamente errores al resolver nombres de ruta, lo que permite a usuarios remotos autenticados eludir las restricciones previstas para los recursos compartidos así como, leer, crear o modificar archivos, en determinadas circunstancias que involucran a las cuentas de usuario que carecen de directorios de inicio. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=126514298313071&w=2 http://news.samba.org/releases/3.0.37 http://news.samba.org/releases/3.2.15 http://news.samba.org/releases/3.3.8 http://news.samba.org/releases/3.4.2 http://osvdb.org/57955 http://secunia.com/advisories/36701 http://secunia.com/advisories/36893 http://se • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 13EXPL: 1CVE-2009-1886 – Samba 3.3.5 - Format String / Security Bypass
https://notcve.org/view.php?id=CVE-2009-1886
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. Múltiples vulnerabilidades de formato de cadena en client/client.c en smbclient en Samba v3.2.0 hasta v3.2.12 podría permitir dependiendo del contexto a atacantes ejecutar código de su elección a través del formato de cadena especificado en un nombre de fichero. • https://www.exploit-db.com/exploits/33053 http://secunia.com/advisories/35539 http://secunia.com/advisories/35573 http://secunia.com/advisories/35606 http://secunia.com/advisories/36918 http://www.debian.org/security/2009/dsa-1823 http://www.mandriva.com/security/advisories?name=MDVSA-2009:196 http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch http://www.samba.org/samba/security/CVE-2009-1886.html http://www.securityfocus.com/bid/35472&# • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 2CVE-2009-1888 – Samba improper file access
https://notcve.org/view.php?id=CVE-2009-1888
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. La función acl_group_override en smbd/posix_acls.c en smbd en Samba v3.0.x anterior a v3.0.35, v3.1.x y v3.2.x anterior a v3.2.13, y v3.3.x anterior 3.3.6, cuando el modo de fichero dos está habilitado, permite a atacantes remotos modificar la lista de control de acceso para ficheros a través de vectores relacionados con acceso de lectura a memoria sin inicializar. • http://secunia.com/advisories/35539 http://secunia.com/advisories/35573 http://secunia.com/advisories/35606 http://secunia.com/advisories/36918 http://wiki.rpath.com/Advisories:rPSA-2009-0145 http://www.debian.org/security/2009/dsa-1823 http://www.mandriva.com/security/advisories?name=MDVSA-2009:196 http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch http:&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.3EPSS: 80%CPEs: 7EXPL: 0CVE-2009-0022
https://notcve.org/view.php?id=CVE-2009-0022
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. Samba v3.2.0 hasta v3.2.6, cuando el registro de acciones está habilitado, permite a usuarios autenticados remotamente acceder al sistema de ficheros raíz a través de una petición de conexión manipulada que especifica un nombre de recurso compartido en blanco. • http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch http://osvdb.org/51152 http://secunia.com/advisories/33379 http://secunia.com/advisories/33392 http://secunia.com/advisories/33431 http://www.mandriva.com/security/advisories?name=MDVSA-2009:042 http://www.samba.org/samba/security/CVE-2009-0022.html http://www.securityfocus.com/bid/33118 http://www.securitytracker.com/id?1021513 http://www.vupen.com/english/advisories/2009/0017 https:&# • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 4%CPEs: 10EXPL: 0CVE-2008-4314
https://notcve.org/view.php?id=CVE-2008-4314
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. Una vulnerabilidad en smbd en versiones de Samba desde la 3.0.29 hasta la 3.2.4 podría permitir a atacantes remotos leer zonas arbitrarias de memoria y causar una denegación de servicio a través de peticiones modificadas de (1)trans, (2) trans2, y (3) nttrans. Esta vulnerabilidad está relacionada con un error "cortado y pegado" que causa un control de límites inadecuado. • http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://marc.info/?l=bugtraq&m=125003356619515&w=2 http://osvdb.org/50230 http://secunia.com/advisories/32813 http://secunia.com/advisories/32919 http://secunia.com/advisories/32951 http://secunia.com/advisories/32968 http://secunia.com/advisories/36281 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684 http://sunsolve.sun.com/search/document.do?assetkey=1-26- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •