CVSS: 9.8EPSS: 2%CPEs: 188EXPL: 0CVE-2013-4408 – samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check
https://notcve.org/view.php?id=CVE-2013-4408
10 Dec 2013 — Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. Desbordamiento de búfer en la función dcerpc_read_ncacn_packet_done en librpc/rpc/dcerpc_util.c en winbindd en Samba 3.x anterior a 3.6.22, 4.0.x anterior a 4.0.13 y 4.1.x anterior a 4.1.3 que permite a los contro... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 2CVE-2012-6150 – samba: pam_winbind fails open when non-existent group specified to require_membership_of
https://notcve.org/view.php?id=CVE-2012-6150
03 Dec 2013 — The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake. La función winbind_name_list_to_sid_string_list en nsswitch/pam_winbind.c en Samba hasta v4.1.2 maneja nombres de grupo require_membership_... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 7%CPEs: 10EXPL: 0CVE-2013-4475 – samba: no access check verification on stream files
https://notcve.org/view.php?id=CVE-2013-4475
13 Nov 2013 — Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). Samba 3.x anteriores a 3.6.20, 4.0.x anteriores a 4.0.11, y 4.1.x anteriores a 4.1.1, cuando vfs_streams_depot o vfs_streams_xattr está activo, permite a atacantes remotos sortear restricciones de fichero aprovechando... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 86%CPEs: 177EXPL: 4CVE-2013-4124 – Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
https://notcve.org/view.php?id=CVE-2013-4124
05 Aug 2013 — Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Desbordamiento de entero en la función read_nttrans_ea_list en nttrans.c en smbd en Samba v3.x anterior a v3.5.22, v3.6.x anterior a v3.6.17, y v4.x anterior a v4.0.8 permite a atacantes remotos causar una denegación de servicio (por excesivo consumo de memoria) a trav... • https://packetstorm.news/files/id/180540 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 1%CPEs: 9EXPL: 0CVE-2013-0454
https://notcve.org/view.php?id=CVE-2013-0454
26 Mar 2013 — The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter. Samba... • http://www.ibm.com/support/docview.wss?uid=ssg1S1004289 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 4%CPEs: 163EXPL: 0CVE-2013-0213 – samba: clickjacking vulnerability in SWAT
https://notcve.org/view.php?id=CVE-2013-0213
02 Feb 2013 — The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. Samba Web Administration Tool (SWAT) en Samba v3.x anterior a v3.5.21, v3.6.x anterior a v3.6.12, y v4.x anterior a v4.0.2 permite a atacantes remotos llevar a cabo attaques de clickjacking mediante un (1) FRAME o un (2) elemento IFRAME Samba is an open-source implementation of the Server Message Block or... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 163EXPL: 0CVE-2013-0214 – samba: cross-site request forgery vulnerability in SWAT
https://notcve.org/view.php?id=CVE-2013-0214
02 Feb 2013 — Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el Samba Web Administration Tool (SWAT)en Samba v3.x anterior a v3.5.21, v3.6.x anterior a v3.6.12, y v4.... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 1%CPEs: 37EXPL: 0CVE-2012-2111 – samba: Incorrect permission checks when granting/removing privileges
https://notcve.org/view.php?id=CVE-2012-2111
30 Apr 2012 — The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection. El (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, y (4) RemoveAccountRights LSA RPC procedimientos en smbd de Samba v3.4.x anterior a v3.4.... • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 75%CPEs: 144EXPL: 1CVE-2012-1182 – Samba ReportEventW Heap Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1182
10 Apr 2012 — The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. El generador de código RPC de Samba 3.x anteriores a 3.4.16, 3.5.x anteriores a 3.5.14, y 3.6.x anteriores a 3.6.4 no implementa la validación de una longitud de array de una manera consistente con la validación de la res... • https://www.exploit-db.com/exploits/21850 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 192EXPL: 0CVE-2011-2724 – cifs-utils: mount.cifs incorrect fix for CVE-2010-0547
https://notcve.org/view.php?id=CVE-2011-2724
06 Sep 2011 — The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547. La función check_mtab en client/mount.cifs.c en mount.cifs en smbfs en Samba v3.5.10 y anteriores no verifica correctamente que el... • http://comments.gmane.org/gmane.linux.kernel.cifs/3827 • CWE-20: Improper Input Validation •