Page 20 of 124 results (0.010 seconds)

CVSS: 8.5EPSS: 1%CPEs: 101EXPL: 0

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no implementa correctamente la capa DCE-RPC, lo que permite a atacantes remotos llevar a cabo protocol-downgrade attacks, provocar una denegación de servicio (caída de aplicación o consumo de CPU), o posiblemente ejecutar código arbitrario en un sistema cliente a través de vectores no especificados. Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). • http://badlock.org http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html http://lists.opensuse.or •

CVSS: 6.3EPSS: 0%CPEs: 251EXPL: 0

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. El servicio NETLOGON en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2, cuando un controlador de dominio está configurado, permite a atacantes remotos suplantar el nombre del computador de un dispositivo final de un canal seguro y obtener información sensible de sesión, ejecutando una aplicación manipulada y aprovechando la habilidad para husmear tráfico de red, un problema relacionado con CVE-2015-0005. It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. • http://badlock.org http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html http://lists.opensuse.or • CWE-254: 7PK - Security Features CWE-290: Authentication Bypass by Spoofing •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. La implementación de SMB1 en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4 permite a usuarios remotos autenticados modificar ACLs arbitrarias utilizando una llamada UNIX SMB1 para crear un enlace simbólico, y después usar una llamada no-UNIX SMB1 para escribir en el contenido de la ACL. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html http://lists.opensuse.org/opensuse-security-announce • CWE-284: Improper Access Control •

CVSS: 5.9EPSS: 1%CPEs: 69EXPL: 0

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. El servidor DNS interno en Samba 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4, cuando está configurado un AD DC permite a usuarios remotos autenticados causar una denegación de servicio (lectura fuera de rango) o posiblemente obtener información sensible de la memoria de proceso cargando un registro DNS TXT manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html http://www.debian.org/security/2016/dsa-3514 http://www.securityfocus.com/bid/84273 http://www.securitytracker.com/id/1035219 http://www.ubuntu.com/usn/USN-2922-1 https://bugzilla.samba.org/show_bug.cgi?id=11128 https://bugzilla.samba.org/show_bug.cgi?id=11686 https://www.samba.org/samba/security/CVE-2016-0771.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.3EPSS: 28%CPEs: 57EXPL: 0

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets. La función ldb_wildcard_compare en ldb_match.c en ldb en versiones anteriores a 1.1.24, como se utiliza en el servidor AD LDAP en Samba 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3, no maneja correctamente valores cero, lo que permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de paquetes manipulados. A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of memory and crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce& • CWE-189: Numeric Errors CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •