CVSS: 9.1EPSS: 8%CPEs: 20EXPL: 1CVE-2004-0815 – iDEFENSE Security Advisory 2004-09-30.t
https://notcve.org/view.php?id=CVE-2004-0815
07 Oct 2004 — The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. La función unix_clena_name en Samba 2.2.x a 2.2.11, y 3.0.x anterirores a 3.0.2a, recorta ciertos nombres de directorio a sus rutas absolutas, lo que podría permitir a atacantes evitar la restricticiones de espe... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873 •
CVSS: 7.5EPSS: 9%CPEs: 27EXPL: 0CVE-2004-0807 – samba30x.txt
https://notcve.org/view.php?id=CVE-2004-0807
13 Sep 2004 — Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. Samba 3.0.x is susceptible to multiple denial of services bugs that can remotely crash the daemons nmbd and smbd. • ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P •
CVSS: 7.5EPSS: 7%CPEs: 9EXPL: 0CVE-2004-0808 – 09.13.04a.txt
https://notcve.org/view.php?id=CVE-2004-0808
13 Sep 2004 — The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. Remote exploitation of an input validation error in Samba allows an attacker to crash the Samba nmbd server. The vendor has confirmed that Samba 3.0.x prior to and including v3.0.6 are vulnerable. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873 •
CVSS: 9.8EPSS: 15%CPEs: 5EXPL: 0CVE-2004-0686 – sambaOverruns.txt
https://notcve.org/view.php?id=CVE-2004-0686
22 Jul 2004 — Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. Desbordamiento de búfer en Samba 2.2.x a 2.2.9 y 3.0.0 a 3.0.4, cuando la opción "mangling method = hash" está establecida en smb.conf, con impacto y vectores de ataque desconocidos. Samba versions greater or equal to 2.2.29 and 3.0.0 have a buffer overrun located in the code used to support the mangling method = hash smb.conf option. Versions 3... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851 •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2004-0082
https://notcve.org/view.php?id=CVE-2004-0082
03 Mar 2004 — The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. mksmbpasswd en Samba 3.0.0 y 3.0.1, cuando se crea una cuenta pero se marca como desactivada, puede sobreescribir la contraseña de usaurio con un búfer sin inicializar, lo que podría activar la cuenta con una contraseña más facil de adivinar. • http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt •