Page 38 of 231 results (0.016 seconds)

CVSS: 9.3EPSS: 95%CPEs: 48EXPL: 0

CVE-2007-5398 – Samba "reply_netbios_packet()" Buffer Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2007-5398

Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. Desbordamiento de búfer basado en pila en la función reply_netbios_packet en el nmbd/nmbd_packets.c del nmbd en el Samba 3.0.0 hasta el 3.0.26a, cuando opera como un servidor WINS, permite a atacantes remotos ejecutar código de su elección a través de peticiones modificadas del registro de nombres WINS seguidas de una petición de consultas de nombre WINS. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://marc.info/?l=bugtraq&m=120524782005154&w=2 http://secunia.com/advisories/27450 http://secunia.com/advisories/27679 http://secunia.com/advisories/27682 http://secunia.com/advisories/27691 http://secunia.com/advisories/27701 http://secunia.com/advisories/27720 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2007-4138 – samba incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin

https://notcve.org/view.php?id=CVE-2007-4138

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined. La extensión Winbind nss_info (nsswitch/idmap_ad.c) en idmap_ad.so de Samba 3.0.25 hasta 3.0.25c, cuando la opción "winbind nss info" está asignada a rfc2307 ó sfu, concede a todos los usuarios locales el privilegio de gid 0 cuando el atributo de grupo primario (1) RFC2307 ó (2) Services for UNIX (SFU) no está definido. • http://docs.info.apple.com/article.html?artnum=307179 http://secunia.com/advisories/26764 http://secunia.com/advisories/26776 http://secunia.com/advisories/26795 http://secunia.com/advisories/26834 http://securityreason.com/securityalert/3135 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.419439 http://www.redhat.com/support/errata/RHSA-2007-1016.html http://www.redhat.com/support/errata/RHSA-2007-1017.html http://www.samba.org/samba/se • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 1%CPEs: 5EXPL: 0

CVE-2007-2407

https://notcve.org/view.php?id=CVE-2007-2407

The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. El servidor Samba en Apple Mac OS X 10.3.9 y 10.4.10, cuando la compartición de archivos Windows está habilitada, no impone quotas de disco tras borrar privilegios, lo cual permite a usuarios remotos autenticados utilizar espacio de disco que excede la quota. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35738 •

CVSS: 7.2EPSS: 13%CPEs: 8EXPL: 0

CVE-2007-2444

https://notcve.org/view.php?id=CVE-2007-2444

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. Error lógico en la funcionalidad de traducción SID/Name en smbd en Samba 3.0.23d hasta 3.0.25pre2 permite a usuarios locales ganar privilegios de forma temporal y ejecutar operaciones del protocolo SMB/CIFS a través de vectores no especificados que provocan que el demonio transite al usuario root. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980 http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html http://osvdb.org/34698 http://secunia.com/advisories/25232 http://secunia.com/advisories/25241 http://secunia.com/advisories/25246 http://secunia.com/advisories/25251 http://secunia.com/advisories/25255 http://secunia.com/advisories/25256 http://secunia.com/advisories/25259 http://secunia.com/advisories/25270 http • CWE-269: Improper Privilege Management •

CVSS: 10.0EPSS: 96%CPEs: 34EXPL: 4

CVE-2007-2446 – Samba lsa_io_trans_names Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2007-2446

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). Múltiples desbordamientos de búfer en la región heap de la memoria en el análisis NDR en smbd en Samba versión 3.0.0 hasta 3.0.25rc3 permiten que los atacantes remotos ejecuten código arbitrario por medio de peticiones MS-RPC creadas que involucran (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), o (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_name). This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarLookupSids/LsarLookupSids2, heap allocation is calculated based on user input. • https://www.exploit-db.com/exploits/9950 https://www.exploit-db.com/exploits/16859 https://www.exploit-db.com/exploits/16875 https://www.exploit-db.com/exploits/16329 http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •