CVSS: 5.5EPSS: 0%CPEs: 123EXPL: 0CVE-2010-0547 – samba: mount.cifs improper device name and mountpoint strings sanitization
https://notcve.org/view.php?id=CVE-2010-0547
04 Feb 2010 — client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. client/mount.cifs.c en mount.cifs en smbfs en Samba v3.4.5 y anteriores no verifica (1) el nombre de dispositivo (2) cadenas de puntos de montaje compuestas por varios caracteres lo que permite a usuarios locales causar una denegación de servicio... • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a065c177dfc8f968775593ba00dffafeebb2e054 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2009-2906 – samba: infinite loop flaw in smbd on unexpected oplock break notification reply
https://notcve.org/view.php?id=CVE-2009-2906
07 Oct 2009 — smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. smbd en Samba v3.0 anterior a v3.0.37, v3.2 anterior a v3.2.15, v3.3 anterior a v3.3.8 y v3.4 anterior a v3.4.2, permite a usuarios autenticados remotamente provocar una denegación de servicio (bucle infinito) a través de un paquete de notificación de respuesta "oplock break" impr... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 97%CPEs: 61EXPL: 1CVE-2007-6015 – Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6015
13 Dec 2007 — Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. Desbordamiento de búfer basado en pila en la función send_mailslot de nmbd en Samba 3.0.0 hasta 3.0.27a, cuando la opción "inicios de sesión de dominio" está habilitada, permite a atacantes remotos eje... • https://www.exploit-db.com/exploits/4732 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 96%CPEs: 2EXPL: 5CVE-2004-2687 – DistCC Daemon - Command Execution
https://notcve.org/view.php?id=CVE-2004-2687
31 Dec 2004 — distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. • https://www.exploit-db.com/exploits/9915 • CWE-16: Configuration •
CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0CVE-2004-2546
https://notcve.org/view.php?id=CVE-2004-2546
31 Dec 2004 — Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). • http://www.samba.org/samba/history/samba-3.0.6.html •
CVSS: 10.0EPSS: 11%CPEs: 53EXPL: 0CVE-2004-1154
https://notcve.org/view.php?id=CVE-2004-1154
22 Dec 2004 — Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt •
CVSS: 9.1EPSS: 64%CPEs: 20EXPL: 1CVE-2004-0815
https://notcve.org/view.php?id=CVE-2004-0815
16 Oct 2004 — The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. La función unix_clena_name en Samba 2.2.x a 2.2.11, y 3.0.x anterirores a 3.0.2a, recorta ciertos nombres de directorio a sus rutas absolutas, lo que podría permitir a atacantes evitar la restricticiones de espe... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873 •
CVSS: 7.5EPSS: 14%CPEs: 39EXPL: 0CVE-2004-0829
https://notcve.org/view.php?id=CVE-2004-0829
10 Sep 2004 — smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2. • http://samba.org/samba/history/samba-2.2.11.html •
CVSS: 9.8EPSS: 69%CPEs: 5EXPL: 0CVE-2004-0686
https://notcve.org/view.php?id=CVE-2004-0686
23 Jul 2004 — Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. Desbordamiento de búfer en Samba 2.2.x a 2.2.9 y 3.0.0 a 3.0.4, cuando la opción "mangling method = hash" está establecida en smb.conf, con impacto y vectores de ataque desconocidos. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851 •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 2CVE-2004-0186 – Samba 2.2.8 (Linux Kernel 2.6 / Debian / Mandrake) - Share Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0186
15 Mar 2004 — smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted. smbmnt en Samba 2.0 y 3.0 para Linux 2.6, cuando se instala con setuid, permite a usuarios locales ganar privilegios de root montando un recurso compartido de Samba que contiene un programa con setuid de root, cuyos atributos no se limpian cuando el recurso compartido es el... • https://www.exploit-db.com/exploits/23674 •