Page 17 of 106 results (0.018 seconds)

CVSS: 5.9EPSS: 1%CPEs: 69EXPL: 0

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. El servidor DNS interno en Samba 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4, cuando está configurado un AD DC permite a usuarios remotos autenticados causar una denegación de servicio (lectura fuera de rango) o posiblemente obtener información sensible de la memoria de proceso cargando un registro DNS TXT manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html http://www.debian.org/security/2016/dsa-3514 http://www.securityfocus.com/bid/84273 http://www.securitytracker.com/id/1035219 http://www.ubuntu.com/usn/USN-2922-1 https://bugzilla.samba.org/show_bug.cgi?id=11128 https://bugzilla.samba.org/show_bug.cgi?id=11686 https://www.samba.org/samba/security/CVE-2016-0771.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.3EPSS: 28%CPEs: 57EXPL: 0

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets. La función ldb_wildcard_compare en ldb_match.c en ldb en versiones anteriores a 1.1.24, como se utiliza en el servidor AD LDAP en Samba 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3, no maneja correctamente valores cero, lo que permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de paquetes manipulados. A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of memory and crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce& • CWE-189: Numeric Errors CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 1%CPEs: 57EXPL: 0

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value. ldb en versiones anteriores a 1.1.24, como se utiliza en el servidor AD LDAP en Samba 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3, no maneja correctamente longitudes de cadena, lo que permite a atacantes remotos obtener información sensible de la memoria dinámica del demonio enviando paquetes manipulados y después leyendo (1) un mensaje de error o (2) un valor de base de datos. A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2016-04 • CWE-135: Incorrect Calculation of Multi-Byte String Length CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. La función samldb_check_user_account_control_acl en dsdb/samdb/ldb_modules/samldb.c en Samba 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3 no comprueba adecuadamente los privilegios administrativos durante la creación de cuentas de máquina, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso destinadas aprovechando la existencia de un dominio tanto con un Samba DC como con un Windows DC, un caso similar a CVE-2015-2535 • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html http://www.debian.org/security/2016/dsa-3433 http://www.securityfocus.com/bid/79735 http://www.securitytracker.com/id/1034493&# • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 13%CPEs: 7EXPL: 0

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. El servidor LDAP en el controlador de dominio AD en Samba 4.x en versiones anteriores a 4.1.22 no comprueba los valores de retorno para asegurar que la asignación de memoria ASN.1 tuvo éxito, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de demonio) a través de paquetes manipulados. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. A remote attacker could exploit this flaw by sending a specially crafted packet, which could cause the server to consume an excessive amount of memory and crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://www.debian.org/security/2016/dsa-3433 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/79736 http://www.securitytracker.com/id/1034492 http://www.ubuntu.com/usn/USN-2855-1 http://w • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •