CVSS: 6.5EPSS: 4%CPEs: 2EXPL: 0CVE-2019-12436 – Ubuntu Security Notice USN-4018-1
https://notcve.org/view.php?id=CVE-2019-12436
19 Jun 2019 — Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit. Samba versión 4.10.x anterior a 4.10.5, presenta una desreferencia de puntero NULL, lo que conlleva a una denegación de servicio del servidor LDAP DC basado en AD. Esto está relacionado con un atacante que utiliza el control de búsqueda paginado. • http://www.securityfocus.com/bid/108823 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2018-16860 – Ubuntu Security Notice USN-5675-1
https://notcve.org/view.php?id=CVE-2018-16860
14 May 2019 — A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal. Se encontró un fallo en la implementación de Heimdal KDC de samba, versione... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 6.1EPSS: 1%CPEs: 13EXPL: 1CVE-2019-3870
https://notcve.org/view.php?id=CVE-2019-3870
09 Apr 2019 — A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a s... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 3%CPEs: 10EXPL: 0CVE-2019-3880 – samba: save registry file outside share as unprivileged user
https://notcve.org/view.php?id=CVE-2019-3880
08 Apr 2019 — A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. Se encontró un fallo en la forma en que samba implementó RPC endpoint, que emula la API de servicios de registro de Windows. Un atacante sin privilegios podría usar este ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 8%CPEs: 6EXPL: 0CVE-2019-3824 – Debian Security Advisory 4397-1
https://notcve.org/view.php?id=CVE-2019-3824
27 Feb 2019 — A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. Se ha detectado un fallo en la manera en la que una expresión de búsqueda LDAP podría provocar el cierre inesperado del proceso del servidor LDAP de un AD DC de samba en samba en versiones anteriores a la 4.10. Un usuario autenticado con permisos de lec... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00035.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 6%CPEs: 1EXPL: 0CVE-2018-16852 – Slackware Security Advisory - samba Updates
https://notcve.org/view.php?id=CVE-2018-16852
28 Nov 2018 — Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service. Samba, desde la versión 4.9.0 antes d... • http://www.securityfocus.com/bid/106024 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2018-16853 – Slackware Security Advisory - samba Updates
https://notcve.org/view.php?id=CVE-2018-16853
28 Nov 2018 — Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --wit... • http://www.securityfocus.com/bid/106026 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.4EPSS: 2%CPEs: 1EXPL: 0CVE-2018-16857 – Slackware Security Advisory - samba Updates
https://notcve.org/view.php?id=CVE-2018-16857
28 Nov 2018 — Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade. Samba, desde la versión 4.9... • http://www.securityfocus.com/bid/106024 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 6.5EPSS: 10%CPEs: 10EXPL: 1CVE-2018-14629 – Debian Security Advisory 4345-1
https://notcve.org/view.php?id=CVE-2018-14629
27 Nov 2018 — A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. Se ha descubierto una vulnerabilidad de denegación de servicio (DoS) en el servidor LDAP de Samba en versiones anteriores a la 4.7.12, 4.8.7, y 4.9.3. Un bucle CNAME podría conducir a una recursión infinita en el servidor. • http://www.securityfocus.com/bid/106022 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 6%CPEs: 9EXPL: 0CVE-2018-16841 – Debian Security Advisory 4345-1
https://notcve.org/view.php?id=CVE-2018-16841
27 Nov 2018 — Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the ... • http://www.securityfocus.com/bid/106023 • CWE-415: Double Free CWE-416: Use After Free •