CVSS: 7.1EPSS: 19%CPEs: 14EXPL: 0CVE-2017-12163 – Samba: Server memory information leak over SMB1
https://notcve.org/view.php?id=CVE-2017-12163
21 Sep 2017 — An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. Se ha descubierto una vulnerabilidad de fuga de información en la manera en la que Samba, en versiones anteriores a la 4.4.16, versiones 4.5.x anteriores a la 4.5.14 y... • http://www.securityfocus.com/bid/100925 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 4%CPEs: 17EXPL: 2CVE-2017-9461 – samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks
https://notcve.org/view.php?id=CVE-2017-9461
06 Jun 2017 — smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. smbd en Samba versiones anteriores a 4.4.10 y 4.5.x versiones anteriores a 4.5.6, tienen una vulnerabilidad de denegación de servicio (fd_open_atomic infinite loop con un alto uso de CPU y consumo de memoria) debido a un manejo inadecuado de los enlaces simbólicos colgantes. A flaw was found in the way Sa... • http://www.securityfocus.com/bid/99455 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 94%CPEs: 5EXPL: 22CVE-2017-7494 – Samba Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7494
24 May 2017 — Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Samba desde la versión 3.5.0 y anteriores a 4.6.4, versiones 4.5.10 y 4.4.14, son vulnerables a la ejecución de código remota, lo que permite que un cliente malicioso cargar una biblioteca compartida en un recurso compartido editable, y luego causar que el servidor lo c... • https://packetstorm.news/files/id/142710 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 20%CPEs: 6EXPL: 2CVE-2017-2619 – Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
https://notcve.org/view.php?id=CVE-2017-2619
23 Mar 2017 — Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. Samba, en versiones anteriores a 4.6.1, 4.5.7 y 4.4.11, es vulnerable a un cliente malicioso que emplee una carrera symlink para permitir el acceso a áreas del sistema de archivos del servidor que no se exportan bajo la definición compartida. A race condition was found in samba server. A malicious samba client coul... • https://packetstorm.news/files/id/141824 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 13%CPEs: 18EXPL: 0CVE-2016-2125 – samba: Unconditional privilege delegation to Kerberos servers in trusted realms
https://notcve.org/view.php?id=CVE-2016-2125
19 Dec 2016 — It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. Se ha descubierto que Samba, en versiones anteriores a la 4.5.3, 4.4.8 y 4.3.13, siempre solicitaba tickets que podían reenviarse al emplear la autenticación de Kerberos. Un servicio al que Samba se ha autenticado con Kerberos podría ... • http://rhn.redhat.com/errata/RHSA-2017-0494.html • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 8.5EPSS: 22%CPEs: 101EXPL: 0CVE-2015-5370 – samba: crash in dcesrv_auth_bind_ack due to missing error check
https://notcve.org/view.php?id=CVE-2015-5370
12 Apr 2016 — Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no implementa correctamente la capa DCE-RPC, lo... • http://badlock.org •
CVSS: 5.9EPSS: 18%CPEs: 251EXPL: 0CVE-2016-2112 – samba: Missing downgrade detection
https://notcve.org/view.php?id=CVE-2016-2112
12 Apr 2016 — The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. El paquete de la librería cliente LDAP en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no reconoce el ajuste "client ldap sasl wra... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.9EPSS: 12%CPEs: 251EXPL: 0CVE-2016-2115 – samba: Smb signing not required by default when smb client connection is used for ipc usage
https://notcve.org/view.php?id=CVE-2016-2115
12 Apr 2016 — Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no requiere firmado SMB dentro de una sesión DCERPC sobre ncacn_np, lo que permite a atacantes man-in-the-middle suplantar clientes SM... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.9EPSS: 4%CPEs: 251EXPL: 0CVE-2016-2110 – samba: Man-in-the-middle attacks possible with NTLMSSP authentication
https://notcve.org/view.php?id=CVE-2016-2110
12 Apr 2016 — The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. La implementación de autenticación NTLMSSP en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x e... • http://badlock.org • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 6.3EPSS: 1%CPEs: 251EXPL: 0CVE-2016-2111 – samba: Spoofing vulnerability when domain controller is configured
https://notcve.org/view.php?id=CVE-2016-2111
12 Apr 2016 — The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. El servicio NETLOGON en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en ver... • http://badlock.org • CWE-254: 7PK - Security Features CWE-290: Authentication Bypass by Spoofing •