CVSS: 6.5EPSS: 7%CPEs: 10EXPL: 0CVE-2018-16851 – Debian Security Advisory 4345-1
https://notcve.org/view.php?id=CVE-2018-16851
27 Nov 2018 — Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. Samba, desd... • http://www.securityfocus.com/bid/106027 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 15%CPEs: 1EXPL: 0CVE-2018-1140 – Gentoo Linux Security Advisory 202003-52
https://notcve.org/view.php?id=CVE-2018-1140
22 Aug 2018 — A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable Se ha detectado la ausencia de medidas de saneamiento de entradas en la implementación de la base de datos LDP utilizada para el servidor LDAP. Un atacante podría usar este fallo para causar una denegación de servicio... • http://www.securityfocus.com/bid/105082 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 2%CPEs: 5EXPL: 0CVE-2018-10918 – Gentoo Linux Security Advisory 202003-52
https://notcve.org/view.php?id=CVE-2018-10918
15 Aug 2018 — A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable. Se ha detectado una vulnerabilidad de desreferencia de puntero NULL en la manera en la que samba comprobaba las salidas de la base de datos desde la capa de la base de datos LDB. Un atacante autenticado podría utilizar ... • http://www.securityfocus.com/bid/105083 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 2%CPEs: 8EXPL: 0CVE-2018-1139 – samba: Weak authentication protocol regression
https://notcve.org/view.php?id=CVE-2018-1139
15 Aug 2018 — A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. Se ha detectado un fallo en la manera en la que samba en versiones anteriores a la 4.7.9 y 4.8.4 permitía el uso de la autenticación NTLMv1 débil incluso cuando NTLMv1 estaba explícitamente deshabilitado. Un atacante Man-in-the-Middl... • http://www.securityfocus.com/bid/105084 • CWE-20: Improper Input Validation CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 7%CPEs: 12EXPL: 0CVE-2018-10858 – samba: Insufficient input validation in libsmbclient
https://notcve.org/view.php?id=CVE-2018-10858
14 Aug 2018 — A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. Se ha descubierto un desbordamiento de búfer en la manera en la que los clientes de samba procesaban nombres de archivo excesivamente largos en un listado de directorios. Un servidor samba malicioso podría utilizar este defecto para provoca... • http://www.securityfocus.com/bid/105085 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 2%CPEs: 7EXPL: 0CVE-2018-10919 – Gentoo Linux Security Advisory 202003-52
https://notcve.org/view.php?id=CVE-2018-10919
14 Aug 2018 — The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. El servidor Samba Active Directory LDAP era vulnerable a una divulgación de información debido a la ausencia de comprobaciones de control de acceso. Un atacante autenticado podría utilizar este fallo pa... • http://www.securityfocus.com/bid/105081 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 4.3EPSS: 25%CPEs: 16EXPL: 0CVE-2018-1050 – samba: NULL pointer dereference in printer server process
https://notcve.org/view.php?id=CVE-2018-1050
13 Mar 2018 — All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. Todas las versiones de Samba, desde la 4.0.0 en adelante, son vulnerables a un ataque de denegación de servicio (DoS) cuando el servicio RPC spoolss se configura para ejecutarse como demonio externo. La falta de com... • http://www.securityfocus.com/bid/103387 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 5%CPEs: 7EXPL: 0CVE-2018-1057 – Samba 4.x Password Change
https://notcve.org/view.php?id=CVE-2018-1057
13 Mar 2018 — On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). En Samba 4 AD DC, el servidor LDAP en todas las versiones de Samba, desde la 4.0.0 en adelante, valida incorrectamente los permisos para modificar contraseñas por LDAP. Esto permite que usuarios autenticados cambie... • http://www.securityfocus.com/bid/103382 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 44%CPEs: 15EXPL: 0CVE-2017-15275 – samba: Server heap-memory disclosure
https://notcve.org/view.php?id=CVE-2017-15275
21 Nov 2017 — Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. Las versiones anteriores a la 4.7.3 de Samba podrían permitir que atacantes remotos obtengan información sensible aprovechando el error del servidor para borrar la memoria dinámica (heap) asignada. A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-c... • http://www.securityfocus.com/bid/101908 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 37%CPEs: 16EXPL: 0CVE-2017-14746 – samba: Use-after-free in processing SMB1 requests
https://notcve.org/view.php?id=CVE-2017-14746
21 Nov 2017 — Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. Vulnerabilidad de uso de memoria previamente liberada en las versiones 4.x de Samba anteriores a la 4.7.3 permiten que atacantes remotos ejecuten código arbitrario mediante una petición SMB1. A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash... • http://www.securityfocus.com/bid/101907 • CWE-416: Use After Free •