Page 29 of 199 results (0.010 seconds)

CVSS: 5.0EPSS: 26%CPEs: 104EXPL: 1

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. La función reply_sesssetup_and_X_spnego de sesssetup.c de smbd de Samba anterior a v3.4.8, y v3.5.x anterior a v3.5.2, permite a atacantes remotos provocar una lectura fuera de rango y ocasionar una denegación de servicio (caída del proceso), a través de una longitud blob -binary large object- de seguridad \xff\xff en una solicitud Session Setup AndX. • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=9280051bfba337458722fb157f3082f93cbd9f2b http://samba.org/samba/history/samba-3.4.8.html http://samba.org/samba/history/samba-3.5.2.html http://security-tracker.debian.org/tracker/CVE-2010-1642 http://www.mandriva.com/security/advisories?name=MDVSA-2010:141 http://www.securityfocus.com/bid/40097 http://www.stratsec.net/Research/Advisories/Samba-Multiple-DoS-Vulnerabilities-%28SS-2010-005%29 http://www.vupen.com/english/advisories/2010&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 97%CPEs: 5EXPL: 1

Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. Desbordamiento de búfer en la implementación del paquete SMB1 en la función chain_reply en process.c en smbd en Samba v3.0.x anterior v3.3.13 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria o caída de demonio) o probablemente ejecutar código de su elección a través de un campo manipulado en un paquete. • https://www.exploit-db.com/exploits/16860 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://marc.info/?l=bugtraq&m=129138831608422&w=2 http://marc.info/?l=bugtraq&m=130835366526620&w=2 http://marc.info/?l=samba-announce&m=127668712312761&w=2 http://osvdb.org/65518 http://secunia.com/advisories/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0

smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. smbd en Samba v3.3.11, v3.4.6, y v3.5.0, cuando el soporte libcap está activado, se ejecuta con la capacidad CAP_DAC_OVERRIDE, lo que permite a usuarios autenticados remotamente superar los permisos establecidos de archivos establecidos a través de operaciones filesystem con cualquier cliente. • http://lists.samba.org/archive/samba-announce/2010/000211.html http://www.samba.org/samba/history/samba-3.3.12.html http://www.samba.org/samba/history/samba-3.4.7.html http://www.samba.org/samba/history/samba-3.5.1.html http://www.samba.org/samba/security/CVE-2010-0728 https://bugzilla.samba.org/show_bug.cgi?id=7222 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 2%CPEs: 18EXPL: 2

The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. La configuración por defecto de smbd en Samba en versiones anteriores a v3.3.11, v3.4.x anteriores a v3.4.6, y v3.5.x anteriores a v3.5.0rc3, cuando existe una carpeta compartida, permite a usuarios remotos autenticados utilizar una vulnerabilidad de salto de directorio y acceder a ficheros de forma arbitraria, mediante el uso de un comando de enlace simbólico en smbclient para crear un enlace simbólico que contenga secuencias .. (punto punto), relacionado con la combinación de extensiones unix y opciones amplias de enlaces. • https://www.exploit-db.com/exploits/33599 https://www.exploit-db.com/exploits/33598 http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html http://gitweb.samba.org/?p=samba.git%3Ba=commit%3Bh=bd269443e311d96ef495a9db47d1b95eb83bb8f4 http://lists.opensuse.org/opensuse-security • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. client/mount.cifs.c en mount.cifs en smbfs en Samba v3.0.22, v3.0.28a, v3.2.3, v3.3.2, v3.4.0, and v3.4.5 permite a usuarios locales montar un CIFS compartido en un punto de montaje arbitrario y ganar privilegios, a través de un ataque de enlace simbólico en un fichero del directorio del punto de montaje. • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5 http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034444.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034470.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/38286 http://secunia.com/advisories/38308 http://secunia.com/advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') •