NotCVE - vendor:"Samba" product:"Samba" version:" >= 4.15.0

Page 4 of 34 results (0.021 seconds)

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

CVE-2020-25722 – Gentoo Linux Security Advisory 202309-06

https://notcve.org/view.php?id=CVE-2020-25722

11 Nov 2021 — Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. Se han encontrado múltiples fallos en la forma en que samba AD DC implementa el acceso y la comprobación de conformidad de los datos almacenados. Un atacante podría usar este fallo para causar un compromiso total del dominio Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could pos... • https://bugzilla.redhat.com/show_bug.cgi?id=2019764 • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-23192 – samba: Subsequent DCE/RPC fragment injection vulnerability

https://notcve.org/view.php?id=CVE-2021-23192

11 Nov 2021 — A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. Se ha encontrado un fallo en la forma en que samba implementa DCE/RPC. Si un cliente a un servidor Samba enviaba una petición DCE/RPC muy grande, y elegía fragmentarla, un atacante podía reemplazar los fragmentos posteriores con sus propios datos, omitiendo los req... • https://bugzilla.redhat.com/show_bug.cgi?id=2019666 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-25721 – Gentoo Linux Security Advisory 202309-06

https://notcve.org/view.php?id=CVE-2020-25721

11 Nov 2021 — Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets. Los aceptadores de Kerberos necesitan un acceso fácil a los identificadores estables de AD (por ejemplo, objectSid). Samba como un DC AD ahora proporciona una manera para que las aplicaciones de Linux para obtener un SID confiable (y samAccountName) en los boletos emitidos Stefan Metzmacher discovered that Sa... • https://bugzilla.redhat.com/show_bug.cgi?id=2021728 • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 27%CPEs: 11EXPL: 0

CVE-2020-17049 – Kerberos KDC Security Feature Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2020-17049

11 Nov 2020 —

A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).

To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.

The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.

Vulnerabilidad d... • http://www.openwall.com/lists/oss-security/2021/11/10/3 • CWE-345: Insufficient Verification of Data Authenticity CWE-863: Incorrect Authorization •

1 2 3 4