CVSS: 8.5EPSS: 0%CPEs: 44EXPL: 0CVE-2020-25717 – samba: Active Directory (AD) domain user could become root on domain members
https://notcve.org/view.php?id=CVE-2020-25717
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Se encontró un fallo en la forma en que Samba mapea usuarios del dominio a usuarios locales. Un atacante autenticado podría usar este fallo para causar una posible escalada de privilegios • https://bugzilla.redhat.com/show_bug.cgi?id=2019672 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2020-25717.html https://access.redhat.com/security/cve/CVE-2020-25717 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 43EXPL: 0CVE-2016-2124 – samba: SMB1 client connections can be downgraded to plaintext authentication
https://notcve.org/view.php?id=CVE-2016-2124
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Se ha encontrado un fallo en la forma en que Samba implementa la autenticación SMB1. Un atacante podría usar este fallo para recuperar la contraseña en texto plano enviada a través del cable, incluso si es requerida la autenticación Kerberos • https://bugzilla.redhat.com/show_bug.cgi?id=2019660 https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2016-2124.html https://access.redhat.com/security/cve/CVE-2016-2124 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3671
https://notcve.org/view.php?id=CVE-2021-3671
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server. Se ha encontrado una desreferencia de puntero null en la forma en que el servidor kerberos de Samba manejaba el sname faltante en TGS-REQ (Ticket Granting Server - Request). Un usuario autenticado podría usar este fallo para bloquear el servidor samba • https://bugzilla.redhat.com/show_bug.cgi?id=2013080%2C https://bugzilla.samba.org/show_bug.cgi?id=14770%2C https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html https://security.netapp.com/advisory/ntap-20221215-0002 https://security.netapp.com/advisory/ntap-20230216-0008 https://www.debian.org/security/2022/dsa-5287 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 42%CPEs: 25EXPL: 32CVE-2020-1472 – Microsoft Netlogon Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. • https://www.exploit-db.com/exploits/49071 https://github.com/SecuraBV/CVE-2020-1472 https://github.com/dirkjanm/CVE-2020-1472 https://github.com/VoidSec/CVE-2020-1472 https://github.com/k8gege/CVE-2020-1472-EXP https://github.com/cube0x0/CVE-2020-1472 https://github.com/sv3nbeast/CVE-2020-1472 https://github.com/thatonesecguy/zerologon-CVE-2020-1472 https://github.com/CanciuCostin/CVE-2020-1472 https://github.com/0xkami/CVE-2020-1472 https://github.com/striveben&#x • CWE-287: Improper Authentication CWE-330: Use of Insufficiently Random Values •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-10218 – samba: smb client vulnerable to filenames containing path separators
https://notcve.org/view.php?id=CVE-2019-10218
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user. Se encontró un fallo en el cliente de samba, todas las versiones de samba anteriores a samba 4.11.2, 4.10.10 y 4.9.15, donde un servidor malicioso puede suministrar un nombre de ruta al cliente con separadores. Esto podría permitir al cliente acceder a archivos y carpetas fuera de los nombres de ruta de la red SMB. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10218 https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G https: • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •