CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-10218 – samba: smb client vulnerable to filenames containing path separators
https://notcve.org/view.php?id=CVE-2019-10218
29 Oct 2019 — A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user. Se encontró un fallo en el cliente de samba, todas las versiones de samba anteriores a samba 4.11.2, 4.... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 0CVE-2019-10197 – samba: Combination of parameters and permissions can allow user to escape from the share path definition
https://notcve.org/view.php?id=CVE-2019-10197
03 Sep 2019 — A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share. Se ha encontrado un error en Samba en las versiones 4.9.x hasta 4.9.13, samba versiones 4.10.x hasta 4.10.8 y samba versiones 4.11.x hasta 4.11.0rc3, cuando ciertos parámetros se establecieron e... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2019-12435 – Ubuntu Security Notice USN-4018-1
https://notcve.org/view.php?id=CVE-2019-12435
19 Jun 2019 — Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process. Samba versión 4.9.x anterior a 4.9.9 y versión 4.10.x anterior a 4.10.5, presenta una desreferencia de puntero NULL, lo que conlleva a la denegación de servicio. Esto está relacionado al proceso del servidor RPC del servidor de administración DNS (dnsserver) DC basado en AD. It was discovered that Samba incorrectly ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00023.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16860 – Ubuntu Security Notice USN-5675-1
https://notcve.org/view.php?id=CVE-2018-16860
14 May 2019 — A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal. Se encontró un fallo en la implementación de Heimdal KDC de samba, versione... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 1CVE-2019-3870
https://notcve.org/view.php?id=CVE-2019-3870
09 Apr 2019 — A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a s... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-3880 – samba: save registry file outside share as unprivileged user
https://notcve.org/view.php?id=CVE-2019-3880
08 Apr 2019 — A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. Se encontró un fallo en la forma en que samba implementó RPC endpoint, que emula la API de servicios de registro de Windows. Un atacante sin privilegios podría usar este ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2019-3824 – Debian Security Advisory 4397-1
https://notcve.org/view.php?id=CVE-2019-3824
27 Feb 2019 — A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. Se ha detectado un fallo en la manera en la que una expresión de búsqueda LDAP podría provocar el cierre inesperado del proceso del servidor LDAP de un AD DC de samba en samba en versiones anteriores a la 4.10. Un usuario autenticado con permisos de lec... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00035.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2018-16853 – Slackware Security Advisory - samba Updates
https://notcve.org/view.php?id=CVE-2018-16853
28 Nov 2018 — Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --wit... • http://www.securityfocus.com/bid/106026 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16852 – Slackware Security Advisory - samba Updates
https://notcve.org/view.php?id=CVE-2018-16852
28 Nov 2018 — Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service. Samba, desde la versión 4.9.0 antes d... • http://www.securityfocus.com/bid/106024 • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16857 – Slackware Security Advisory - samba Updates
https://notcve.org/view.php?id=CVE-2018-16857
28 Nov 2018 — Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade. Samba, desde la versión 4.9... • http://www.securityfocus.com/bid/106024 • CWE-358: Improperly Implemented Security Check for Standard •