CVSS: 6.8EPSS: 0%CPEs: 43EXPL: 0CVE-2016-2124 – samba: SMB1 client connections can be downgraded to plaintext authentication
https://notcve.org/view.php?id=CVE-2016-2124
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Se ha encontrado un fallo en la forma en que Samba implementa la autenticación SMB1. Un atacante podría usar este fallo para recuperar la contraseña en texto plano enviada a través del cable, incluso si es requerida la autenticación Kerberos • https://bugzilla.redhat.com/show_bug.cgi?id=2019660 https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2016-2124.html https://access.redhat.com/security/cve/CVE-2016-2124 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23192 – samba: Subsequent DCE/RPC fragment injection vulnerability
https://notcve.org/view.php?id=CVE-2021-23192
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. Se ha encontrado un fallo en la forma en que samba implementa DCE/RPC. Si un cliente a un servidor Samba enviaba una petición DCE/RPC muy grande, y elegía fragmentarla, un atacante podía reemplazar los fragmentos posteriores con sus propios datos, omitiendo los requisitos de firma A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. • https://bugzilla.redhat.com/show_bug.cgi?id=2019666 https://security.gentoo.org/glsa/202309-06 https://ubuntu.com/security/CVE-2021-23192 https://www.samba.org/samba/security/CVE-2021-23192.html https://access.redhat.com/security/cve/CVE-2021-23192 • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 44EXPL: 0CVE-2020-25717 – samba: Active Directory (AD) domain user could become root on domain members
https://notcve.org/view.php?id=CVE-2020-25717
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Se encontró un fallo en la forma en que Samba mapea usuarios del dominio a usuarios locales. Un atacante autenticado podría usar este fallo para causar una posible escalada de privilegios • https://bugzilla.redhat.com/show_bug.cgi?id=2019672 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2020-25717.html https://access.redhat.com/security/cve/CVE-2020-25717 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-25718
https://notcve.org/view.php?id=CVE-2020-25718
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. Se encontró un fallo en la forma en que samba, como controlador de dominio de Active Directory, es capaz de soportar un RODC (controlador de dominio de sólo lectura). Esto permitiría a un RODC imprimir tickets de administrador • https://bugzilla.redhat.com/show_bug.cgi?id=2019726 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2020-25718.html • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 33EXPL: 0CVE-2020-25719 – samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
https://notcve.org/view.php?id=CVE-2020-25719
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. Se encontró un fallo en la forma en que Samba, como controlador de dominio de Active Directory, implementaba la autenticación basada en nombres de Kerberos. El AD DC de Samba, podía confundirse sobre el usuario que representa un ticket si no requería estrictamente un PAC de Kerberos y siempre usaba los SIDs encontrados dentro. • https://bugzilla.redhat.com/show_bug.cgi?id=2019732 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2020-25719.html https://access.redhat.com/security/cve/CVE-2020-25719 • CWE-287: Improper Authentication CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •