CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3437 – Ubuntu Security Notice USN-5936-1
https://notcve.org/view.php?id=CVE-2022-3437
31 Oct 2022 — A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. Se encontró una vulnerabilidad de des... • http://www.openwall.com/lists/oss-security/2023/02/08/1 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1615 – samba: GnuTLS gnutls_rnd() can fail and give predictable random values
https://notcve.org/view.php?id=CVE-2022-1615
01 Sep 2022 — In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. En Samba, la función GnuTLS gnutls_rnd() puede fallar y dar valores aleatorios predecibles A flaw was found in Samba. When the gnutls_rnd function is called, its return value is not verified, allowing it to give predictable random values when the call to the gnutls_rnd function fails. Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compat... • https://bugzilla.samba.org/show_bug.cgi?id=15103 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32743 – Gentoo Linux Security Advisory 202309-06
https://notcve.org/view.php?id=CVE-2022-32743
01 Sep 2022 — Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. Samba no comprueba el derecho Validated-DNS-Host-Name para el atributo dNSHostName, lo que podría permitir a usuarios no privilegiados escribirlo Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected. • https://bugzilla.samba.org/show_bug.cgi?id=14833 • CWE-276: Incorrect Default Permissions •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2031 – Gentoo Linux Security Advisory 202309-06
https://notcve.org/view.php?id=CVE-2022-2031
01 Aug 2022 — A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services. Se ha encontrado un fallo en Samba. Una vulnerabilidad de seguridad es producida cuando el KDC y el servicio kpasswd comparten una misma cuenta y un mismo conjunto de claves, lo que les permite descifrar los ... • https://security.gentoo.org/glsa/202309-06 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2021-3670 – Gentoo Linux Security Advisory 202309-06
https://notcve.org/view.php?id=CVE-2021-3670
01 Aug 2022 — MaxQueryDuration not honoured in Samba AD DC LDAP MaxQueryDuration no es cumplido en Samba AD DC LDAP It was discovered that Samba did not handle MaxQueryDuration when being used in AD DC configurations, contrary to expectations. This issue only affected Ubuntu 20.04 LTS. Luke Howard discovered that Samba incorrectly handled certain restrictions associated with changing passwords. A remote attacker being requested to change passwords could possibly use this issue to escalate privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=2077533 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32742 – Samba SMB1 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-32742
01 Aug 2022 — A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). Se ha encontrado un fallo en Samba. Algunas solicitudes de escritura de SMB1 no son comprobaban correctamente para asegurar que el cliente había enviado suficientes da... • https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32744 – Gentoo Linux Security Advisory 202309-06
https://notcve.org/view.php?id=CVE-2022-32744
01 Aug 2022 — A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. Se ha encontrado un fallo en Samba. El KDC acepta solicitudes kpasswd cifradas con cualquier clave que conozca. • https://security.gentoo.org/glsa/202309-06 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32745 – Gentoo Linux Security Advisory 202309-06
https://notcve.org/view.php?id=CVE-2022-32745
01 Aug 2022 — A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. Se ha encontrado un fallo en Samba. Los usuarios de AD de Samba pueden hacer que el servidor acceda a datos no inicializados con una solicitud de adición o modificación de LDAP, resultando usualmente en un fallo de segmentación. It was discovered that Samba did not handle MaxQueryDuration when being used in AD DC configurations, contra... • https://security.gentoo.org/glsa/202309-06 • CWE-125: Out-of-bounds Read CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32746 – samba: AD users can induce a use-after-free in the server process with an LDAP add or modify request
https://notcve.org/view.php?id=CVE-2022-32746
01 Aug 2022 — A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. Se ha encontrado un fallo en el servidor LDAP de Samba AD. El módulo de registro de auditoría de la base de datos AD DC puede acceder a los valores de los mensajes LDAP liberados por un módulo de base de datos anterior... • https://security.gentoo.org/glsa/202309-06 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-20316 – samba: Symlink race error can allow metadata read and modify outside of the exported share
https://notcve.org/view.php?id=CVE-2021-20316
10 May 2022 — A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. Se ha encontrado un fallo en la forma en que Samba maneja los metadatos de los archivos/directorios. Este fallo permite a un atacante autenticado con permisos para leer o modificar los metadatos del recurso compartido, llevar a cabo esta operación fuera del recurso compartido. Red Hat Gluster Storage i... • https://access.redhat.com/security/cve/CVE-2021-20316 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •