Page 9 of 56 results (0.021 seconds)

CVSS: 6.3EPSS: 0%CPEs: 251EXPL: 0

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. El servicio NETLOGON en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2, cuando un controlador de dominio está configurado, permite a atacantes remotos suplantar el nombre del computador de un dispositivo final de un canal seguro y obtener información sensible de sesión, ejecutando una aplicación manipulada y aprovechando la habilidad para husmear tráfico de red, un problema relacionado con CVE-2015-0005. It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. • http://badlock.org http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html http://lists.opensuse.or • CWE-254: 7PK - Security Features CWE-290: Authentication Bypass by Spoofing •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. La implementación de SMB1 en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4 permite a usuarios remotos autenticados modificar ACLs arbitrarias utilizando una llamada UNIX SMB1 para crear un enlace simbólico, y después usar una llamada no-UNIX SMB1 para escribir en el contenido de la ACL. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html http://lists.opensuse.org/opensuse-security-announce • CWE-284: Improper Access Control •

CVSS: 7.2EPSS: 1%CPEs: 9EXPL: 1

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. vfs.c en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3, cuando existen nombres de recursos compartidos con ciertas relaciones de subcadenas, permite a atacantes remotos eludir las restricciones de acceso a archivos destinadas a través de un enlace simbólico que apunta fuera de un recurso compartido. An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce& • CWE-41: Improper Resolution of Path Equivalence CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3 admite conexiones que están cifradas pero no firmadas, lo que permite a atacantes man-in-the-middle llevar a cabo un ataque de degradación de cifrado-a-descifrado modificando el flujo de datos cliente-servidor, relacionado con clidfs.c, libsmb_server.c y smbXcli_base.c. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce& • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. La función shadow_copy2_get_shadow_copy_data en modules/vfs_shadow_copy2.c en Samba 3.x y 4.x en versiones anteriores a 4.1.22, 4.2.x en versiones anteriores a 4.2.7 y 4.3.x en versiones anteriores a 4.3.3 no verifica que el privilegio de acceso al DIRECTORY_LIST ha sido concedido, lo que permite a atacantes remotos acceder a instantáneas visitando un directorio shadow copy. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html http://lists.opensuse.org/opensuse-security-announce& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •