CVSS: 9.8EPSS: 4%CPEs: 9EXPL: 2CVE-2009-1888 – Samba improper file access
https://notcve.org/view.php?id=CVE-2009-1888
24 Jun 2009 — The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. La función acl_group_override en smbd/posix_acls.c en smbd en Samba v3.0.x anterior a v3.0.35, v3.1.x y v3.2.x anterior a v3.2.13, y v3.3.x anterior 3.3.6, cuando el modo de fichero dos está habilitado, permite ... • http://secunia.com/advisories/35539 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.3EPSS: 4%CPEs: 7EXPL: 0CVE-2009-0022
https://notcve.org/view.php?id=CVE-2009-0022
05 Jan 2009 — Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. Samba v3.2.0 hasta v3.2.6, cuando el registro de acciones está habilitado, permite a usuarios autenticados remotamente acceder al sistema de ficheros raíz a través de una petición de conexión manipulada que especifica un nombre de recurso compartido en blanco. • http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 13%CPEs: 10EXPL: 0CVE-2008-4314
https://notcve.org/view.php?id=CVE-2008-4314
01 Dec 2008 — smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. Una vulnerabilidad en smbd en versiones de Samba desde la 3.0.29 hasta la 3.2.4 podría permitir a atacantes remotos leer zonas arbitrarias de memoria y causar una denegación de servicio a través de peticiones modificadas de (1)trans, (2) trans2, y... • http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3789
https://notcve.org/view.php?id=CVE-2008-3789
27 Aug 2008 — Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups. Samba 3.2.0 usa permisos débiles (0666) para los archivos (1) group_mapping.tdb y (2) group_mapping.ldb, lo que permite a usuarios locales modificar la pertenencia a los Grupos Unix. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.1EPSS: 91%CPEs: 6EXPL: 1CVE-2008-1105 – Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1105
29 May 2008 — Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. Desbordamiento de búfer basado en montículo en la función receive_smb_raw de util/sock.c en Samba 3.0.0 hasta 3.0.29, permite a atacantes remotos ejecutar código de su elección a través de una respuesta SMB manipulada. • https://www.exploit-db.com/exploits/5712 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 38%CPEs: 61EXPL: 1CVE-2007-6015 – Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6015
13 Dec 2007 — Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. Desbordamiento de búfer basado en pila en la función send_mailslot de nmbd en Samba 3.0.0 hasta 3.0.27a, cuando la opción "inicios de sesión de dominio" está habilitada, permite a atacantes remotos eje... • https://www.exploit-db.com/exploits/4732 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 27%CPEs: 48EXPL: 0CVE-2007-4572 – samba buffer overflow
https://notcve.org/view.php?id=CVE-2007-4572
16 Nov 2007 — Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. Desbordamiento de búfer basado en pila en el nmbd del Samba 3.0.0 hasta el 3.0.26a, cuando está configurado como controlador Primario ("Primary ") o Dominio de Seguridad ("Backup Domain"), permite a atacantes remotos tener un impacto desconocido a... • http://docs.info.apple.com/article.html?artnum=307179 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 44%CPEs: 48EXPL: 0CVE-2007-5398 – Samba "reply_netbios_packet()" Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-5398
16 Nov 2007 — Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. Desbordamiento de búfer basado en pila en la función reply_netbios_packet en el nmbd/nmbd_packets.c del nmbd en el Samba 3.0.0 hasta el 3.0.26a, cuando opera como un servidor WINS, permite a atacantes remotos ejecutar ... • http://docs.info.apple.com/article.html?artnum=307179 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2007-4138 – samba incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin
https://notcve.org/view.php?id=CVE-2007-4138
14 Sep 2007 — The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined. La extensión Winbind nss_info (nsswitch/idmap_ad.c) en idmap_ad.so de Samba 3.0.25 hasta 3.0.25c, cuando la opción "winbind nss info" está asignada a rfc2307 ó sfu, concede a todos los usuarios locales el privil... • http://docs.info.apple.com/article.html?artnum=307179 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 8%CPEs: 8EXPL: 0CVE-2007-2444
https://notcve.org/view.php?id=CVE-2007-2444
14 May 2007 — Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. Error lógico en la funcionalidad de traducción SID/Name en smbd en Samba 3.0.23d hasta 3.0.25pre2 permite a usuarios locales ganar privilegios de forma temporal y ejecutar operaciones del protocolo SMB/CIFS a través de vectores no especificados qu... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980 • CWE-269: Improper Privilege Management •