CVSS: 3.3EPSS: 5%CPEs: 52EXPL: 0CVE-2014-0244 – samba: nmbd denial of service
https://notcve.org/view.php?id=CVE-2014-0244
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. La función sys_recvfrom en nmbd en Samba 3.6.x anterior a 3.6.24, 4.0.x anterior a 4.0.19 y 4.1.x anterior a 4.1.9 permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un paquete UDP malformado. A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time. • http://advisories.mageia.org/MGASA-2014-0279.html http://linux.oracle.com/errata/ELSA-2014-0866.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://rhn.redhat.com/errata/RHSA-2014-0866.html http://secunia.com/advisories/59378 http://secunia.com/advisories/59407 http://secunia.com/advisories/59433 http://secunia.com/advisories/59579 http://secunia.com/advisories/598 • CWE-20: Improper Input Validation •
CVSS: 2.7EPSS: 2%CPEs: 52EXPL: 0CVE-2014-3493 – samba: smbd unicode path names denial of service
https://notcve.org/view.php?id=CVE-2014-3493
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference. La función push_ascii en smbd en Samba 3.6.x anterior a 3.6.24, 4.0.x anterior a 4.0.19 y 4.1.x anterior a 4.1.9 permite a usuarios remotos autenticados causar una denegación de servicio (corrupción de memoria y caída de demonio) a través de in intento de leer un nombre de ruta Unicode sin especificar el uso de Unicode, que conduce a un fallo de conversión de configuración de carácter que provoca una referencia a puntero inválida. It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash. • http://advisories.mageia.org/MGASA-2014-0279.html http://linux.oracle.com/errata/ELSA-2014-0866.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://rhn.redhat.com/errata/RHSA-2014-0866.html http://secunia.com/advisories/59378 http://secunia.com/advisories/59407 http://secunia.com/advisories/59433 http://secunia.com/advisories/59579 http://secunia.com/advisories/598 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-393: Return of Wrong Status Code •
CVSS: 5.0EPSS: 37%CPEs: 2EXPL: 0CVE-2014-0239
https://notcve.org/view.php?id=CVE-2014-0239
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103. El servidor DNS interno en Samba 4.x anterior a 4.0.18 no comprueba el campo QR en la sección de cabecera de un mensaje DNS entrante antes de enviar una respuesta, lo que permite a atacantes remotos causar una denegación de servicio (consumo de CPU y ancho de banda) a través de un paquete de respuestas falsificado que provoca un bucle de comunicación, un problema relacionado con CVE-1999-0103. • http://secunia.com/advisories/59579 http://security.gentoo.org/glsa/glsa-201502-15.xml http://www.samba.org/samba/security/CVE-2014-0239 http://www.securityfocus.com/bid/67691 http://www.securitytracker.com/id/1030309 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 29EXPL: 0CVE-2014-0178 – samba: Uninitialized memory exposure
https://notcve.org/view.php?id=CVE-2014-0178
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. Samba 3.6.6 hasta 3.6.23, 4.0.x anterior a 4.0.18 y 4.1.x anterior a 4.1.8, cuando cierta configuración de copia shadow vfs está habilitada, no inicializa debidamente el campo de respuesta SRV_SNAPSHOT_ARRAY, lo que permite a usuarios remotos autenticados obtener información potencialmente sensible de la memoria de procesos a través de una solicitud (1) FSCTL_GET_SHADOW_COPY_DATA o (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS. A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request. • http://advisories.mageia.org/MGASA-2014-0279.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://secunia.com/advisories/59378 http://secunia.com/advisories/59407 http://secunia.com/advisories/59579 http://security.gentoo.org/glsa/glsa-201502-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2014:136 http://www.mandriva.com/security/advisories?name=MDVSA-2015:08 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-665: Improper Initialization •
CVSS: 5.8EPSS: 0%CPEs: 22EXPL: 0CVE-2013-6442 – samba: smbcacls will delete ACL lists in certain circumstances
https://notcve.org/view.php?id=CVE-2013-6442
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change. La función owner_set en smbcacls.c en smbcacls en Samba 4.0.x anterior a 4.0.16 y 4.1.x anterior a 4.1.6 elimina una ACL durante el uso de una opción de --chown o --chgrp, lo que permite a atacantes remotos evadir restricciones de acceso en circunstancias oportunistas mediante el aprovechamiento de un cambio de administrativo no intencionado. • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html http://www.samba.org/samba/history/samba-4.0.16.html http://www.samba.org/samba/history/samba-4.1.6.html http://www.samba.org/samba/security/CVE-2013-6442 http://www.securityfocus.com/bid/66232 https://bugzilla.samba.org/show_bug.cgi?id=10327 https:/ • CWE-264: Permissions, Privileges, and Access Controls •