CVSS: 5.9EPSS: 1%CPEs: 69EXPL: 0CVE-2016-0771
https://notcve.org/view.php?id=CVE-2016-0771
The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. El servidor DNS interno en Samba 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4, cuando está configurado un AD DC permite a usuarios remotos autenticados causar una denegación de servicio (lectura fuera de rango) o posiblemente obtener información sensible de la memoria de proceso cargando un registro DNS TXT manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html http://www.debian.org/security/2016/dsa-3514 http://www.securityfocus.com/bid/84273 http://www.securitytracker.com/id/1035219 http://www.ubuntu.com/usn/USN-2922-1 https://bugzilla.samba.org/show_bug.cgi?id=11128 https://bugzilla.samba.org/show_bug.cgi?id=11686 https://www.samba.org/samba/security/CVE-2016-0771.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2015-7560 – samba: Incorrect ACL get/set allowed on symlink path
https://notcve.org/view.php?id=CVE-2015-7560
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. La implementación de SMB1 en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4 permite a usuarios remotos autenticados modificar ACLs arbitrarias utilizando una llamada UNIX SMB1 para crear un enlace simbólico, y después usar una llamada no-UNIX SMB1 para escribir en el contenido de la ACL. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html http://lists.opensuse.org/opensuse-security-announce • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2015-8467
https://notcve.org/view.php?id=CVE-2015-8467
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. La función samldb_check_user_account_control_acl en dsdb/samdb/ldb_modules/samldb.c en Samba 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3 no comprueba adecuadamente los privilegios administrativos durante la creación de cuentas de máquina, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso destinadas aprovechando la existencia de un dominio tanto con un Samba DC como con un Windows DC, un caso similar a CVE-2015-2535 • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html http://www.debian.org/security/2016/dsa-3433 http://www.securityfocus.com/bid/79735 http://www.securitytracker.com/id/1034493&# • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 35%CPEs: 57EXPL: 0CVE-2015-3223 – libldb: Remote DoS in Samba (AD) LDAP server
https://notcve.org/view.php?id=CVE-2015-3223
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets. La función ldb_wildcard_compare en ldb_match.c en ldb en versiones anteriores a 1.1.24, como se utiliza en el servidor AD LDAP en Samba 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3, no maneja correctamente valores cero, lo que permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de paquetes manipulados. A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of memory and crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce& • CWE-189: Numeric Errors CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 13%CPEs: 7EXPL: 0CVE-2015-7540 – samba: DoS to AD-DC due to insufficient checking of asn1 memory allocation
https://notcve.org/view.php?id=CVE-2015-7540
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. El servidor LDAP en el controlador de dominio AD en Samba 4.x en versiones anteriores a 4.1.22 no comprueba los valores de retorno para asegurar que la asignación de memoria ASN.1 tuvo éxito, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de demonio) a través de paquetes manipulados. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. A remote attacker could exploit this flaw by sending a specially crafted packet, which could cause the server to consume an excessive amount of memory and crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://www.debian.org/security/2016/dsa-3433 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/79736 http://www.securitytracker.com/id/1034492 http://www.ubuntu.com/usn/USN-2855-1 http://w • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •