CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-3880 – samba: save registry file outside share as unprivileged user
https://notcve.org/view.php?id=CVE-2019-3880
08 Apr 2019 — A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. Se encontró un fallo en la forma en que samba implementó RPC endpoint, que emula la API de servicios de registro de Windows. Un atacante sin privilegios podría usar este ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2019-3824 – Debian Security Advisory 4397-1
https://notcve.org/view.php?id=CVE-2019-3824
27 Feb 2019 — A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. Se ha detectado un fallo en la manera en la que una expresión de búsqueda LDAP podría provocar el cierre inesperado del proceso del servidor LDAP de un AD DC de samba en samba en versiones anteriores a la 4.10. Un usuario autenticado con permisos de lec... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00035.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2018-16853 – Slackware Security Advisory - samba Updates
https://notcve.org/view.php?id=CVE-2018-16853
28 Nov 2018 — Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --wit... • http://www.securityfocus.com/bid/106026 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 0CVE-2018-16851 – Debian Security Advisory 4345-1
https://notcve.org/view.php?id=CVE-2018-16851
27 Nov 2018 — Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. Samba, desd... • http://www.securityfocus.com/bid/106027 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-16841 – Debian Security Advisory 4345-1
https://notcve.org/view.php?id=CVE-2018-16841
27 Nov 2018 — Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the ... • http://www.securityfocus.com/bid/106023 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-14629 – Debian Security Advisory 4345-1
https://notcve.org/view.php?id=CVE-2018-14629
27 Nov 2018 — A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. Se ha descubierto una vulnerabilidad de denegación de servicio (DoS) en el servidor LDAP de Samba en versiones anteriores a la 4.7.12, 4.8.7, y 4.9.3. Un bucle CNAME podría conducir a una recursión infinita en el servidor. • http://www.securityfocus.com/bid/106022 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 68%CPEs: 1EXPL: 0CVE-2018-1140 – Gentoo Linux Security Advisory 202003-52
https://notcve.org/view.php?id=CVE-2018-1140
22 Aug 2018 — A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable Se ha detectado la ausencia de medidas de saneamiento de entradas en la implementación de la base de datos LDP utilizada para el servidor LDAP. Un atacante podría usar este fallo para causar una denegación de servicio... • http://www.securityfocus.com/bid/105082 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10918 – Gentoo Linux Security Advisory 202003-52
https://notcve.org/view.php?id=CVE-2018-10918
15 Aug 2018 — A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable. Se ha detectado una vulnerabilidad de desreferencia de puntero NULL en la manera en la que samba comprobaba las salidas de la base de datos desde la capa de la base de datos LDB. Un atacante autenticado podría utilizar ... • http://www.securityfocus.com/bid/105083 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1139 – samba: Weak authentication protocol regression
https://notcve.org/view.php?id=CVE-2018-1139
15 Aug 2018 — A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. Se ha detectado un fallo en la manera en la que samba en versiones anteriores a la 4.7.9 y 4.8.4 permitía el uso de la autenticación NTLMv1 débil incluso cuando NTLMv1 estaba explícitamente deshabilitado. Un atacante Man-in-the-Middl... • http://www.securityfocus.com/bid/105084 • CWE-20: Improper Input Validation CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-10858 – samba: Insufficient input validation in libsmbclient
https://notcve.org/view.php?id=CVE-2018-10858
14 Aug 2018 — A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. Se ha descubierto un desbordamiento de búfer en la manera en la que los clientes de samba procesaban nombres de archivo excesivamente largos en un listado de directorios. Un servidor samba malicioso podría utilizar este defecto para provoca... • http://www.securityfocus.com/bid/105085 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •