CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1678 – samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE
https://notcve.org/view.php?id=CVE-2011-1678
10 Apr 2011 — smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. smbfs en Samba v3.5.8 y anteriores, un intento de utilizar (1) mount.cifs para añadir al fichero /etc/mtab y (2) umount.cifs para añadir al ficher... • http://openwall.com/lists/oss-security/2011/03/04/10 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 18%CPEs: 127EXPL: 0CVE-2011-0719 – Samba unsafe fd_set usage
https://notcve.org/view.php?id=CVE-2011-0719
01 Mar 2011 — Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd. Samba versión 3.x anterior a 3.3.15, versión 3.4.x anterior a 3.4.12 y versión 3.5.x anterior a 3.5.7, no realiza comprobaciones de rango para los descriptores de archi... • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 37%CPEs: 8EXPL: 0CVE-2010-3069 – Samba: Stack-based buffer overflow by processing specially-crafted SID records
https://notcve.org/view.php?id=CVE-2010-3069
15 Sep 2010 — Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share. Un desbordamiento de búfer basado en pila en las funciones (1) sid_parse y (2) dom_sid_parse en Samba anterior a v3.5.5 permite a los atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código a su elección a través de Wind... • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 6%CPEs: 104EXPL: 1CVE-2010-1635
https://notcve.org/view.php?id=CVE-2010-1635
17 Jun 2010 — The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. La función chain_reply de process.c de smbd de Samba anterior a v3.4.8, y v3.5.x anterior a v3.5.2 permite a atacantes remotos provocar una denegación de servicio (referencia a pun... • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=25452a2268ac7013da28125f3df22085139af12d •
CVSS: 7.5EPSS: 5%CPEs: 104EXPL: 1CVE-2010-1642
https://notcve.org/view.php?id=CVE-2010-1642
17 Jun 2010 — The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. La función reply_sesssetup_and_X_spnego de sesssetup.c de smbd de Samba anterior a v3.4.8, y v3.5.x anterior a v3.5.2, permite a atacantes remotos provocar una lectura fuera de rango y ocasionar una denegación de servicio (caída... • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=9280051bfba337458722fb157f3082f93cbd9f2b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 45%CPEs: 18EXPL: 3CVE-2010-0926 – Samba 3.4.5 - Symlink Directory Traversal
https://notcve.org/view.php?id=CVE-2010-0926
09 Mar 2010 — The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. La configuración por defecto de smbd en Samba en versiones anteriores a v3.3.11, v3.4.x anterio... • https://packetstorm.news/files/id/180807 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 2%CPEs: 3EXPL: 0CVE-2010-0728
https://notcve.org/view.php?id=CVE-2010-0728
09 Mar 2010 — smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. smbd en Samba v3.3.11, v3.4.6, y v3.5.0, cuando el soporte libcap está activado, se ejecuta con la capacidad CAP_DAC_OVERRIDE, lo que permite a usuarios autenticados remotamente superar los permisos establecidos de archivos establecidos a través de operaciones filesyst... • http://lists.samba.org/archive/samba-announce/2010/000211.html • CWE-264: Permissions, Privileges, and Access Controls •