
CVSS: 5.9 | EPSS: 0% | CPEs: 7 | EXPL: 0

03 Apr 2023 — The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. Demi Marie Obenour discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this iss... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 5.9 | EPSS: 0% | CPEs: 3 | EXPL: 1

24 Jan 2023 — A flaw was found in Samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. USN-5822-1 fixed vulnerabilities in Samba. • https://bugzilla.redhat.com/show_bug.cgi?id=1929800 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

24 Jan 2023 — Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96). • https://security.gentoo.org/glsa/202309-06 • CWE-326: Inadequate Encryption Strength; CWE-328: Use of Weak Hash

CVSS: 10.0 | EPSS: 2% | CPEs: 4 | EXPL: 0

23 Nov 2022 — Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov dis... • https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4

CVSS: 9.0 | EPSS: 1% | CPEs: 7 | EXPL: 1

21 Nov 2022 — PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." • https://bugzilla.samba.org/show_bug.cgi?id=15203 • CWE-190: Integer Overflow or Wraparound

CVSS: 6.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

31 Oct 2022 — A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. • http://www.openwall.com/lists/oss-security/2023/02/08/1 • CWE-122: Heap-based Buffer Overflow

CVSS: 9.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

01 Aug 2022 — A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. • https://security.gentoo.org/glsa/202309-06 • CWE-290: Authentication Bypass by Spoofing

CVSS: 9.4 | EPSS: 0% | CPEs: 3 | EXPL: 0

01 Aug 2022 — A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify request, usually resulting in a segmentation fault. It was discovered that Samba did not handle MaxQueryDuration when being used in AD DC configurations, contra... • https://security.gentoo.org/glsa/202309-06 • CWE-125: Out-of-bounds Read; CWE-908: Use of Uninitialized Resource

CVSS: 9.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

01 Aug 2022 — A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other services. • https://security.gentoo.org/glsa/202309-06 • CWE-287: Improper Authentication; CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

01 Aug 2022 — A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. • https://security.gentoo.org/glsa/202309-06 • CWE-416: Use After Free