CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2023-34968 – Samba: spotlight server-side share path disclosure
https://notcve.org/view.php?id=CVE-2023-34968
20 Jul 2023 — A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. It was discovered that Samba incorrectly handled Winbind NTLM authentication responses. An attacker could possibly use this issue to cause Samba to crash, resulting in a d... • https://access.redhat.com/errata/RHSA-2023:6667 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0225 – Gentoo Linux Security Advisory 202309-06
https://notcve.org/view.php?id=CVE-2023-0225
03 Apr 2023 — A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. Se ha encontrado un fallo en Samba. Una comprobación de acceso incompleta en dnsHostName permite a usuarios autenticados pero sin privilegios eliminar este atributo de cualquier objeto del directorio. Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. • https://security.gentoo.org/glsa/202309-06 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.7EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0614 – Ubuntu Security Notice USN-5992-1
https://notcve.org/view.php?id=CVE-2023-0614
03 Apr 2023 — The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. La corrección en 4.6.16, 4.7.9, 4.8.4 y 4.9.7 para CVE-2018-10919 Confidential Attribute Disclosure meidante filtros LDAP era insuficiente y un atacante podría ser capaz de obtener claves confidenciales de recuperación de BitLocker desde un Samba AD DC. Demi Marie Obenour discovered that ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0922 – Ubuntu Security Notice USN-5993-1
https://notcve.org/view.php?id=CVE-2023-0922
03 Apr 2023 — The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. La herramienta de administración Samba AD DC, cuando opera contra un servidor LDAP remoto, enviará por defecto contraseñas nuevas o restablecidas a través de una conexión firmada. Demi Marie Obenour discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this iss... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 1CVE-2021-20251 – Ubuntu Security Notice USN-5822-2
https://notcve.org/view.php?id=CVE-2021-20251
24 Jan 2023 — A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. Se ha encontrado un fallo en samba. Una condición de ejecución en el código de bloqueo de contraseñas puede conllevar el riesgo de que los ataques de fuerza bruta tengan éxito si se cumplen unas condiciones especiales. USN-5822-1 fixed vulnerabilities in Samba. • https://bugzilla.redhat.com/show_bug.cgi?id=1929800 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3592 – Gentoo Linux Security Advisory 202309-06
https://notcve.org/view.php?id=CVE-2022-3592
12 Jan 2023 — A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. Se ha encontrado una vulnerabilidad de seguimiento de enlaces simbólicos en Samba, donde un usuario puede... • https://access.redhat.com/security/cve/CVE-2022-3592 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2022-44640 – Gentoo Linux Security Advisory 202310-06
https://notcve.org/view.php?id=CVE-2022-44640
23 Nov 2022 — Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). Heimdal anterior a 7.7.1 permite a atacantes remotos ejecutar código arbitrario debido a un free no válido en el códec ASN.1 utilizado por el Centro de distribución de claves (KDC). It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov dis... • https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4 •
CVSS: 9.0EPSS: 1%CPEs: 7EXPL: 1CVE-2022-42898 – krb5: integer overflow vulnerabilities in PAC parsing
https://notcve.org/view.php?id=CVE-2022-42898
21 Nov 2022 — PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." El análisis sintáctico de PAC en MIT Kerberos 5 (también conocido como krb5) antes de 1.19.4 y... • https://bugzilla.samba.org/show_bug.cgi?id=15203 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3437 – Ubuntu Security Notice USN-5936-1
https://notcve.org/view.php?id=CVE-2022-3437
31 Oct 2022 — A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. Se encontró una vulnerabilidad de des... • http://www.openwall.com/lists/oss-security/2023/02/08/1 • CWE-122: Heap-based Buffer Overflow •