CVSS: 5.9EPSS: 12%CPEs: 251EXPL: 0CVE-2016-2115 – samba: Smb signing not required by default when smb client connection is used for ipc usage
https://notcve.org/view.php?id=CVE-2016-2115
12 Apr 2016 — Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no requiere firmado SMB dentro de una sesión DCERPC sobre ncacn_np, lo que permite a atacantes man-in-the-middle suplantar clientes SM... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.9EPSS: 4%CPEs: 251EXPL: 0CVE-2016-2110 – samba: Man-in-the-middle attacks possible with NTLMSSP authentication
https://notcve.org/view.php?id=CVE-2016-2110
12 Apr 2016 — The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. La implementación de autenticación NTLMSSP en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x e... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 6.3EPSS: 1%CPEs: 251EXPL: 0CVE-2016-2111 – samba: Spoofing vulnerability when domain controller is configured
https://notcve.org/view.php?id=CVE-2016-2111
12 Apr 2016 — The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. El servicio NETLOGON en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en ver... • http://badlock.org • CWE-254: 7PK - Security Features CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.5EPSS: 4%CPEs: 11EXPL: 0CVE-2015-7560 – samba: Incorrect ACL get/set allowed on symlink path
https://notcve.org/view.php?id=CVE-2015-7560
08 Mar 2016 — The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. La implementación de SMB1 en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4 ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html • CWE-284: Improper Access Control •
CVSS: 5.8EPSS: 4%CPEs: 9EXPL: 0CVE-2015-5296 – samba: client requesting encryption vulnerable to downgrade attack
https://notcve.org/view.php?id=CVE-2015-5296
29 Dec 2015 — Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3 admite conexiones que están cifradas pero no firmadas, lo... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 11%CPEs: 9EXPL: 0CVE-2015-5299 – Samba: Missing access control check in shadow copy code
https://notcve.org/view.php?id=CVE-2015-5299
29 Dec 2015 — The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. La función shadow_copy2_get_shadow_copy_data en modules/vfs_shadow_copy2.c en Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 22%CPEs: 9EXPL: 1CVE-2015-5252 – samba: Insufficient symlink verification in smbd
https://notcve.org/view.php?id=CVE-2015-5252
29 Dec 2015 — vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. vfs.c en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3, cuando existen nombres de recursos compartidos con ciertas relaciones de subcadenas, permite a at... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-41: Improper Resolution of Path Equivalence CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 188EXPL: 0CVE-2013-4408 – samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check
https://notcve.org/view.php?id=CVE-2013-4408
10 Dec 2013 — Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. Desbordamiento de búfer en la función dcerpc_read_ncacn_packet_done en librpc/rpc/dcerpc_util.c en winbindd en Samba 3.x anterior a 3.6.22, 4.0.x anterior a 4.0.13 y 4.1.x anterior a 4.1.3 que permite a los contro... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 7%CPEs: 10EXPL: 0CVE-2013-4475 – samba: no access check verification on stream files
https://notcve.org/view.php?id=CVE-2013-4475
13 Nov 2013 — Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). Samba 3.x anteriores a 3.6.20, 4.0.x anteriores a 4.0.11, y 4.1.x anteriores a 4.1.1, cuando vfs_streams_depot o vfs_streams_xattr está activo, permite a atacantes remotos sortear restricciones de fichero aprovechando... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 86%CPEs: 177EXPL: 4CVE-2013-4124 – Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
https://notcve.org/view.php?id=CVE-2013-4124
05 Aug 2013 — Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Desbordamiento de entero en la función read_nttrans_ea_list en nttrans.c en smbd en Samba v3.x anterior a v3.5.22, v3.6.x anterior a v3.6.17, y v4.x anterior a v4.0.8 permite a atacantes remotos causar una denegación de servicio (por excesivo consumo de memoria) a trav... • https://packetstorm.news/files/id/180540 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •