CVSS: 5.9EPSS: 18%CPEs: 251EXPL: 0CVE-2016-2112 – samba: Missing downgrade detection
https://notcve.org/view.php?id=CVE-2016-2112
12 Apr 2016 — The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. El paquete de la librería cliente LDAP en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no reconoce el ajuste "client ldap sasl wra... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.9EPSS: 12%CPEs: 251EXPL: 0CVE-2016-2115 – samba: Smb signing not required by default when smb client connection is used for ipc usage
https://notcve.org/view.php?id=CVE-2016-2115
12 Apr 2016 — Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no requiere firmado SMB dentro de una sesión DCERPC sobre ncacn_np, lo que permite a atacantes man-in-the-middle suplantar clientes SM... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.9EPSS: 4%CPEs: 251EXPL: 0CVE-2016-2110 – samba: Man-in-the-middle attacks possible with NTLMSSP authentication
https://notcve.org/view.php?id=CVE-2016-2110
12 Apr 2016 — The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. La implementación de autenticación NTLMSSP en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x e... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 6.3EPSS: 1%CPEs: 251EXPL: 0CVE-2016-2111 – samba: Spoofing vulnerability when domain controller is configured
https://notcve.org/view.php?id=CVE-2016-2111
12 Apr 2016 — The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. El servicio NETLOGON en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en ver... • http://badlock.org • CWE-254: 7PK - Security Features CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.5EPSS: 4%CPEs: 11EXPL: 0CVE-2015-7560 – samba: Incorrect ACL get/set allowed on symlink path
https://notcve.org/view.php?id=CVE-2015-7560
08 Mar 2016 — The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. La implementación de SMB1 en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4 ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html • CWE-284: Improper Access Control •
CVSS: 5.8EPSS: 4%CPEs: 9EXPL: 0CVE-2015-5296 – samba: client requesting encryption vulnerable to downgrade attack
https://notcve.org/view.php?id=CVE-2015-5296
29 Dec 2015 — Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3 admite conexiones que están cifradas pero no firmadas, lo... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 11%CPEs: 9EXPL: 0CVE-2015-5299 – Samba: Missing access control check in shadow copy code
https://notcve.org/view.php?id=CVE-2015-5299
29 Dec 2015 — The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. La función shadow_copy2_get_shadow_copy_data en modules/vfs_shadow_copy2.c en Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 22%CPEs: 9EXPL: 1CVE-2015-5252 – samba: Insufficient symlink verification in smbd
https://notcve.org/view.php?id=CVE-2015-5252
29 Dec 2015 — vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. vfs.c en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3, cuando existen nombres de recursos compartidos con ciertas relaciones de subcadenas, permite a at... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html • CWE-41: Improper Resolution of Path Equivalence CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 91%CPEs: 96EXPL: 3CVE-2015-0240 – Samba < 3.6.2 (x86) - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2015-0240
23 Feb 2015 — The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. La implentación del servidor Netlogon en smbd en Samba 3.5.x y... • https://packetstorm.news/files/id/180975 • CWE-17: DEPRECATED: Code CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 7EXPL: 0CVE-2013-4496 – samba: Password lockout not enforced for SAMR password changes
https://notcve.org/view.php?id=CVE-2013-4496
14 Mar 2014 — Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. Samba 3.x anterior a 3.6.23, 4.0.x anterior a 4.0.16 y 4.1.x anterior a 4.1.6 no fuerza el mecanismo de protección de adivinación de contraseña para todas las interfaces, lo que facilita a atacantes remotos obtener acceso a través de int... • http://advisories.mageia.org/MGASA-2014-0138.html • CWE-255: Credentials Management Errors •