Page 17 of 127 results (0.111 seconds)

CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 2

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. smbd en Samba versiones anteriores a 4.4.10 y 4.5.x versiones anteriores a 4.5.6, tienen una vulnerabilidad de denegación de servicio (fd_open_atomic infinite loop con un alto uso de CPU y consumo de memoria) debido a un manejo inadecuado de los enlaces simbólicos colgantes. A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. • http://www.securityfocus.com/bid/99455 https://access.redhat.com/errata/RHSA-2017:1950 https://access.redhat.com/errata/RHSA-2017:2338 https://access.redhat.com/errata/RHSA-2017:2778 https://bugs.debian.org/864291 https://bugzilla.samba.org/show_bug.cgi?id=12572 https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310 https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html https://access.redhat.com/security/cve/CVE-2017-9461 https: • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 10.0EPSS: 97%CPEs: 5EXPL: 10

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Samba desde la versión 3.5.0 y anteriores a 4.6.4, versiones 4.5.10 y 4.4.14, son vulnerables a la ejecución de código remota, lo que permite que un cliente malicioso cargar una biblioteca compartida en un recurso compartido editable, y luego causar que el servidor lo cargue y ejecute. A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it. • https://github.com/opsxcq/exploit-CVE-2017-7494 https://www.exploit-db.com/exploits/42060 https://www.exploit-db.com/exploits/42084 https://github.com/joxeankoret/CVE-2017-7494 https://github.com/homjxi0e/CVE-2017-7494 https://github.com/0xm4ud/noSAMBAnoCRY-CVE-2017-7494 https://github.com/incredible1yu/CVE-2017-7494 https://github.com/00mjk/exploit-CVE-2017-7494 https://github.com/Zer0d0y/Samba-CVE-2017-7494 https://github.com/adjaliya/-CVE-2017-7494-Samba-Exploit-PO • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1

Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. Samba, en versiones anteriores a 4.6.1, 4.5.7 y 4.4.11, es vulnerable a un cliente malicioso que emplee una carrera symlink para permitir el acceso a áreas del sistema de archivos del servidor que no se exportan bajo la definición compartida. A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. Samba suffers from a symlink race that permits opening files outside of the share directory. • https://www.exploit-db.com/exploits/41740 http://www.securityfocus.com/bid/97033 http://www.securitytracker.com/id/1038117 https://access.redhat.com/errata/RHSA-2017:1265 https://access.redhat.com/errata/RHSA-2017:2338 https://access.redhat.com/errata/RHSA-2017:2778 https://access.redhat.com/errata/RHSA-2017:2789 https://bugzilla.redhat.com/show_bug.cgi?id=1429472 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us https:/& • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. Se ha descubierto que Samba, en versiones anteriores a la 4.5.3, 4.4.8 y 4.3.13, siempre solicitaba tickets que podían reenviarse al emplear la autenticación de Kerberos. Un servicio al que Samba se ha autenticado con Kerberos podría emplear el ticket para suplantar Samba con otros usuarios de servicios o dominios. It was found that Samba always requested forwardable tickets when using Kerberos authentication. • http://rhn.redhat.com/errata/RHSA-2017-0494.html http://rhn.redhat.com/errata/RHSA-2017-0495.html http://rhn.redhat.com/errata/RHSA-2017-0662.html http://rhn.redhat.com/errata/RHSA-2017-0744.html http://www.securityfocus.com/bid/94988 http://www.securitytracker.com/id/1037494 https://access.redhat.com/errata/RHSA-2017:1265 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125 https://www.samba.org/samba/security/CVE-2016-2125.html https://access.redhat.c • CWE-20: Improper Input Validation CWE-287: Improper Authentication •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions. Samba versiones 4.0.0 hasta 4.5.2, es vulnerable a la elevación de privilegios debido al manejo incorrecto de la suma de comprobación PAC (Certificado de Atributo de Privilegio). Un atacante autenticado y remoto puede hacer que el proceso winbindd se bloquee usando un ticket de Kerberos legítimo. • http://rhn.redhat.com/errata/RHSA-2017-0494.html http://rhn.redhat.com/errata/RHSA-2017-0495.html http://rhn.redhat.com/errata/RHSA-2017-0662.html http://rhn.redhat.com/errata/RHSA-2017-0744.html http://www.securityfocus.com/bid/94994 http://www.securitytracker.com/id/1037495 https://access.redhat.com/errata/RHSA-2017:1265 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730 https://www.samba.org/samba/security/CVE-2016-2126.html https://access.redhat • CWE-264: Permissions, Privileges, and Access Controls •