Page 24 of 3715 results (0.015 seconds)

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes. • https://access.redhat.com/errata/RHSA-2023:6209 https://access.redhat.com/errata/RHSA-2023:6744 https://access.redhat.com/errata/RHSA-2023:7371 https://access.redhat.com/errata/RHSA-2023:7408 https://access.redhat.com/errata/RHSA-2023:7464 https://access.redhat.com/errata/RHSA-2023:7467 https://access.redhat.com/security/cve/CVE-2023-3961 https://bugzilla.redhat.com/show_bug.cgi?id=2241881 https://bugzilla.samba.org/show_bug.cgi?id=15422 https://lists.fedoraproject.o • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions. Se descubrió una vulnerabilidad en Samba, donde la falla permite a los clientes SMB truncar archivos, incluso con permisos de solo lectura cuando el módulo Samba VFS "acl_xattr" está configurado con "acl_xattr:ignore system acls = yes". El protocolo SMB permite abrir archivos cuando el cliente solicita acceso de solo lectura, pero luego trunca implícitamente el archivo abierto a 0 bytes si el cliente especifica una solicitud de disposición de creación de SOBRESCRITURA separada. • https://access.redhat.com/errata/RHSA-2023:6209 https://access.redhat.com/errata/RHSA-2023:6744 https://access.redhat.com/errata/RHSA-2023:7371 https://access.redhat.com/errata/RHSA-2023:7408 https://access.redhat.com/errata/RHSA-2023:7464 https://access.redhat.com/errata/RHSA-2023:7467 https://access.redhat.com/security/cve/CVE-2023-4091 https://bugzilla.redhat.com/show_bug.cgi?id=2241882 https://bugzilla.samba.org/show_bug.cgi?id=15439 https://lists.debian.org/ • CWE-276: Incorrect Default Permissions •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. • https://access.redhat.com/errata/RHSA-2023:6209 https://access.redhat.com/errata/RHSA-2023:6744 https://access.redhat.com/errata/RHSA-2023:7371 https://access.redhat.com/errata/RHSA-2023:7408 https://access.redhat.com/errata/RHSA-2023:7464 https://access.redhat.com/errata/RHSA-2023:7467 https://access.redhat.com/security/cve/CVE-2023-42669 https://bugzilla.redhat.com/show_bug.cgi?id=2241884 https://bugzilla.samba.org/show_bug.cgi?id=15474 https://security.netapp.com& • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 83%CPEs: 444EXPL: 7

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0

A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. Se encontró una falla en el subsistema Netfilter en el kernel de Linux. La función nfnl_osf_add_callback no validó el campo opt_num controlado por el modo de usuario. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39189 https://bugzilla.redhat.com/show_bug.cgi?id=2226777 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html • CWE-125: Out-of-bounds Read •