Page 22 of 127 results (0.023 seconds)

CVSS: 8.5EPSS: 0%CPEs: 43EXPL: 0

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation. Samba 4.0.x anterior a 4.0.24, 4.1.x anterior a 4.1.16, y 4.2.x anterior a 4.2rc4, cuando un Active Directory Domain Controller (AD DC) está configurado, permite a usuarios remotos autenticados configurar el bit de LDB userAccountControl UF_SERVER_TRUST_ACCOUNT, y como consecuencia ganar privilegios, mediante el aprovechamiento de la delegación de autoridad para la creación de cuentas de usuarios o cuentas de ordenadores. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html http://secunia.com/advisories/62594 http://www.securityfocus.com/bid/72278 http://www.securitytracker.com/id/1031615 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326 http://www.ubuntu.com/usn/USN-2481-1 https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.p • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.9EPSS: 93%CPEs: 35EXPL: 0

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. NetBIOS name services daemon (nmbd) en Samba 4.0.x anterior a 4.0.21 y 4.1.x anterior a 4.1.11 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados que modifican la memoria dinámica, involucrando una operación sizeof sobre una variable incorrecta en la macro unstrcpy en string_wrappers.h. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon (nmbd). An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges. • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html http://secunia.com/advisories/59583 http://secunia.com/advisories/59610 http://secunia.com/advisories/59976 http://www.samba.org/samba/security/CVE-2014-3560 http://www.securityfocus.com/bid/69021 http://www.securitytracker.com/id/1030663 http://www.ubuntu.com&#x • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.7EPSS: 2%CPEs: 52EXPL: 0

The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference. La función push_ascii en smbd en Samba 3.6.x anterior a 3.6.24, 4.0.x anterior a 4.0.19 y 4.1.x anterior a 4.1.9 permite a usuarios remotos autenticados causar una denegación de servicio (corrupción de memoria y caída de demonio) a través de in intento de leer un nombre de ruta Unicode sin especificar el uso de Unicode, que conduce a un fallo de conversión de configuración de carácter que provoca una referencia a puntero inválida. It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash. • http://advisories.mageia.org/MGASA-2014-0279.html http://linux.oracle.com/errata/ELSA-2014-0866.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://rhn.redhat.com/errata/RHSA-2014-0866.html http://secunia.com/advisories/59378 http://secunia.com/advisories/59407 http://secunia.com/advisories/59433 http://secunia.com/advisories/59579 http://secunia.com/advisories/598 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-393: Return of Wrong Status Code •

CVSS: 3.3EPSS: 5%CPEs: 52EXPL: 0

The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. La función sys_recvfrom en nmbd en Samba 3.6.x anterior a 3.6.24, 4.0.x anterior a 4.0.19 y 4.1.x anterior a 4.1.9 permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un paquete UDP malformado. A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time. • http://advisories.mageia.org/MGASA-2014-0279.html http://linux.oracle.com/errata/ELSA-2014-0866.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://rhn.redhat.com/errata/RHSA-2014-0866.html http://secunia.com/advisories/59378 http://secunia.com/advisories/59407 http://secunia.com/advisories/59433 http://secunia.com/advisories/59579 http://secunia.com/advisories/598 • CWE-20: Improper Input Validation •

CVSS: 3.5EPSS: 0%CPEs: 29EXPL: 0

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. Samba 3.6.6 hasta 3.6.23, 4.0.x anterior a 4.0.18 y 4.1.x anterior a 4.1.8, cuando cierta configuración de copia shadow vfs está habilitada, no inicializa debidamente el campo de respuesta SRV_SNAPSHOT_ARRAY, lo que permite a usuarios remotos autenticados obtener información potencialmente sensible de la memoria de procesos a través de una solicitud (1) FSCTL_GET_SHADOW_COPY_DATA o (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS. A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request. • http://advisories.mageia.org/MGASA-2014-0279.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://secunia.com/advisories/59378 http://secunia.com/advisories/59407 http://secunia.com/advisories/59579 http://security.gentoo.org/glsa/glsa-201502-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2014:136 http://www.mandriva.com/security/advisories?name=MDVSA-2015:08 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-665: Improper Initialization •