Page 18 of 111 results (0.017 seconds)

CVSS: 7.2EPSS: 1%CPEs: 9EXPL: 1

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. vfs.c en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3, cuando existen nombres de recursos compartidos con ciertas relaciones de subcadenas, permite a atacantes remotos eludir las restricciones de acceso a archivos destinadas a través de un enlace simbólico que apunta fuera de un recurso compartido. An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce& • CWE-41: Improper Resolution of Path Equivalence CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3 admite conexiones que están cifradas pero no firmadas, lo que permite a atacantes man-in-the-middle llevar a cabo un ataque de degradación de cifrado-a-descifrado modificando el flujo de datos cliente-servidor, relacionado con clidfs.c, libsmb_server.c y smbXcli_base.c. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce& • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. La función shadow_copy2_get_shadow_copy_data en modules/vfs_shadow_copy2.c en Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3 no verifica que el privilegio de acceso al DIRECTORY_LIST ha sido concedido, lo que permite a atacantes remotos acceder a instantáneas visitando un directorio shadow copy. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •

CVSS: 10.0EPSS: 97%CPEs: 96EXPL: 2

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. La implentación del servidor Netlogon en smbd en Samba 3.5.x y 3.6.x anterior a 3.6.25, 4.0.x anterior a 4.0.25, 4.1.x anterior a 4.1.17, y 4.2.x anterior a 4.2.0rc5 realiza una operación libre sobre un puntero de pila no inicializado, lo que permite a atacantes remotos ejecutar código arbitrario a través de paquetes Netlogon manipulados que utilizan la API RPC ServerPasswordSet, tal y como fue demostrado mediante paquetes alcanzando la función _netr_ServerPasswordSet en rpc_server/netlogon/srv_netlog_nt.c. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). • https://www.exploit-db.com/exploits/36741 http://advisories.mageia.org/MGASA-2015-0084.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html http://lists.opensuse.org/opensuse- • CWE-17: DEPRECATED: Code CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.5EPSS: 0%CPEs: 43EXPL: 0

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation. Samba 4.0.x anterior a 4.0.24, 4.1.x anterior a 4.1.16, y 4.2.x anterior a 4.2rc4, cuando un Active Directory Domain Controller (AD DC) está configurado, permite a usuarios remotos autenticados configurar el bit de LDB userAccountControl UF_SERVER_TRUST_ACCOUNT, y como consecuencia ganar privilegios, mediante el aprovechamiento de la delegación de autoridad para la creación de cuentas de usuarios o cuentas de ordenadores. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html http://secunia.com/advisories/62594 http://www.securityfocus.com/bid/72278 http://www.securitytracker.com/id/1031615 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326 http://www.ubuntu.com/usn/USN-2481-1 https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.p • CWE-264: Permissions, Privileges, and Access Controls •