
CVE-2023-4091 – Samba: smb clients can truncate files with read-only permissions
https://notcve.org/view.php?id=CVE-2023-4091
11 Oct 2023 — A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions che... • https://access.redhat.com/errata/RHSA-2023:6209 • CWE-276: Incorrect Default Permissions •

CVE-2023-34967 – Samba: type confusion in mdssvc rpc service for spotlight
https://notcve.org/view.php?id=CVE-2023-34967
20 Jul 2023 — A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the pass... • https://access.redhat.com/errata/RHSA-2023:6667 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2023-34966 – Samba: infinite loop in mdssvc rpc service for spotlight
https://notcve.org/view.php?id=CVE-2023-34966
20 Jul 2023 — An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting... • https://access.redhat.com/errata/RHSA-2023:6667 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2022-2127 – Samba: out-of-bounds read in winbind auth_crap
https://notcve.org/view.php?id=CVE-2022-2127
20 Jul 2023 — An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client sends its replies to the server's cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the LAN Manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. It was discovered that Samba incorrectly... • https://access.redhat.com/errata/RHSA-2023:6667 • CWE-125: Out-of-bounds Read •

CVE-2023-3347 – Samba: smb2 packet signing is not enforced when "server signing = required" is set
https://notcve.org/view.php?id=CVE-2023-3347
20 Jul 2023 — A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. It was discovered that Samba incorrectly handled W... • https://access.redhat.com/errata/RHSA-2023:4325 • CWE-347: Improper Verification of Cryptographic Signature • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •

CVE-2023-34968 – Samba: spotlight server-side share path disclosure
https://notcve.org/view.php?id=CVE-2023-34968
20 Jul 2023 — A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. It was discovered that Samba incorrectly handled Winbind NTLM authentication responses. An attacker could possibly use this issue to cause Samba to crash, resulting in a d... • https://access.redhat.com/errata/RHSA-2023:6667 • CWE-201: Insertion of Sensitive Information Into Sent Data •

CVE-2023-0922 – Ubuntu Security Notice USN-5993-1
https://notcve.org/view.php?id=CVE-2023-0922
03 Apr 2023 — The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. Demi Marie Obenour discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this iss... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2023-0225 – Gentoo Linux Security Advisory 202309-06
https://notcve.org/view.php?id=CVE-2023-0225
03 Apr 2023 — A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. • https://security.gentoo.org/glsa/202309-06 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-0614 – Ubuntu Security Notice USN-5992-1
https://notcve.org/view.php?id=CVE-2023-0614
03 Apr 2023 — The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 (Confidential attribute disclosure via LDAP filters) was insufficient, and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Demi Marie Obenour discovered that ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2021-20251 – Ubuntu Security Notice USN-5822-2
https://notcve.org/view.php?id=CVE-2021-20251
24 Jan 2023 — A flaw was found in Samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. USN-5822-1 fixed vulnerabilities in Samba. • https://bugzilla.redhat.com/show_bug.cgi?id=1929800 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •