CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2019-3824 – Debian Security Advisory 4397-1
https://notcve.org/view.php?id=CVE-2019-3824
27 Feb 2019 — A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. Se ha detectado un fallo en la manera en la que una expresión de búsqueda LDAP podría provocar el cierre inesperado del proceso del servidor LDAP de un AD DC de samba en samba en versiones anteriores a la 4.10. Un usuario autenticado con permisos de lec... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00035.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-10858 – samba: Insufficient input validation in libsmbclient
https://notcve.org/view.php?id=CVE-2018-10858
14 Aug 2018 — A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. Se ha descubierto un desbordamiento de búfer en la manera en la que los clientes de samba procesaban nombres de archivo excesivamente largos en un listado de directorios. Un servidor samba malicioso podría utilizar este defecto para provoca... • http://www.securityfocus.com/bid/105085 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 41%CPEs: 14EXPL: 0CVE-2017-12163 – Samba: Server memory information leak over SMB1
https://notcve.org/view.php?id=CVE-2017-12163
21 Sep 2017 — An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. Se ha descubierto una vulnerabilidad de fuga de información en la manera en la que Samba, en versiones anteriores a la 4.4.16, versiones 4.5.x anteriores a la 4.5.14 y... • http://www.securityfocus.com/bid/100925 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 12EXPL: 0CVE-2017-12151 – samba: SMB2 connections don't keep encryption across DFS redirects
https://notcve.org/view.php?id=CVE-2017-12151
21 Sep 2017 — A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. Se ha encontrado un fallo en la forma en la que el cliente samba en versiones anteriores a samba 4.4.16, samba 4.5.14 y samba 4.6.8 utilizaba cifrado con el protocolo max estable... • http://www.securityfocus.com/bid/100917 • CWE-300: Channel Accessible by Non-Endpoint CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 2CVE-2017-9461 – samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks
https://notcve.org/view.php?id=CVE-2017-9461
06 Jun 2017 — smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. smbd en Samba versiones anteriores a 4.4.10 y 4.5.x versiones anteriores a 4.5.6, tienen una vulnerabilidad de denegación de servicio (fd_open_atomic infinite loop con un alto uso de CPU y consumo de memoria) debido a un manejo inadecuado de los enlaces simbólicos colgantes. A flaw was found in the way Sa... • http://www.securityfocus.com/bid/99455 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 8%CPEs: 6EXPL: 2CVE-2017-2619 – Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
https://notcve.org/view.php?id=CVE-2017-2619
23 Mar 2017 — Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. Samba, en versiones anteriores a 4.6.1, 4.5.7 y 4.4.11, es vulnerable a un cliente malicioso que emplee una carrera symlink para permitir el acceso a áreas del sistema de archivos del servidor que no se exportan bajo la definición compartida. A race condition was found in samba server. A malicious samba client coul... • https://packetstorm.news/files/id/141824 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.9EPSS: 0%CPEs: 251EXPL: 0CVE-2016-2115 – samba: Smb signing not required by default when smb client connection is used for ipc usage
https://notcve.org/view.php?id=CVE-2016-2115
12 Apr 2016 — Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no requiere firmado SMB dentro de una sesión DCERPC sobre ncacn_np, lo que permite a atacantes man-in-the-middle suplantar clientes SM... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.9EPSS: 0%CPEs: 251EXPL: 0CVE-2016-2110 – samba: Man-in-the-middle attacks possible with NTLMSSP authentication
https://notcve.org/view.php?id=CVE-2016-2110
12 Apr 2016 — The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. La implementación de autenticación NTLMSSP en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x e... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 6.3EPSS: 0%CPEs: 251EXPL: 0CVE-2016-2111 – samba: Spoofing vulnerability when domain controller is configured
https://notcve.org/view.php?id=CVE-2016-2111
12 Apr 2016 — The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. El servicio NETLOGON en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en ver... • http://badlock.org • CWE-254: 7PK - Security Features CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.9EPSS: 0%CPEs: 251EXPL: 0CVE-2016-2112 – samba: Missing downgrade detection
https://notcve.org/view.php?id=CVE-2016-2112
12 Apr 2016 — The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. El paquete de la librería cliente LDAP en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no reconoce el ajuste "client ldap sasl wra... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •