VuXML ID | Description |
6f4d96c0-4062-11e7-b291-b499baebfeaf | samba -- remote code execution vulnerability
The samba project reports:
Remote code execution from a writable share.
All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload
a shared library to a writable share, and then cause the server to
load and execute it.
Discovery 2017-05-24 Entry 2017-05-24
samba42 < 4.2.15
samba43 < 4.3.14
samba44 < 4.4.14
samba45 < 4.5.10
samba46 < 4.6.4
https://www.samba.org/samba/security/CVE-2017-7494.html
CVE-2017-7494
|
85851e4f-67d9-11e7-bc37-00505689d4ae | samba -- Orpheus Lyre mutual authentication validation bypass
The samba project reports:
A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by
returning malicious replication or authorization data.
Discovery 2017-07-12 Entry 2017-07-12
samba42 < 4.2.15
samba43 < 4.3.14
samba44 < 4.4.15
samba45 < 4.5.12
samba46 < 4.6.6
https://www.samba.org/samba/security/CVE-2017-11103.html
CVE-2017-11103
|
54976998-f248-11e8-81e2-005056a311d1 | samba -- multiple vulnerabilities
The samba project reports:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
When configured to accept smart-card authentication, Samba's KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
During the processing of a DNS zone in the DNS management DCE/RPC server,
the internal DNS server or the Samba DLZ plugin for BIND9, if the
DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
property is set, the server will follow a NULL pointer and terminate.
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
AD DC Configurations watching for bad passwords (to restrict brute forcing
of passwords) in a window of more than 3 minutes may not watch for bad
passwords at all.
Discovery 2018-08-14 Entry 2018-08-14
samba46 <= 4.6.16
samba47 < 4.7.12
samba48 < 4.8.7
samba49 < 4.9.3
https://www.samba.org/samba/security/CVE-2018-14629.html
CVE-2018-14629
https://www.samba.org/samba/security/CVE-2018-16841.html
CVE-2018-16841
https://www.samba.org/samba/security/CVE-2018-16851.html
CVE-2018-16851
https://www.samba.org/samba/security/CVE-2018-16852.html
CVE-2018-16852
https://www.samba.org/samba/security/CVE-2018-16853.html
CVE-2018-16853
https://www.samba.org/samba/security/CVE-2018-16857.html
CVE-2018-16857
|
793a0072-7822-11e9-81e2-005056a311d1 | samba -- multiple vulnerabilities
The samba project reports:
The checksum validation in the S4U2Self handler in the embedded Heimdal KDC
did not first confirm that the checksum was keyed, allowing replacement of the
requested target (client) principal.
Authenticated users with write permission can trigger a symlink traversal to write
or detect files outside the Samba share.
Discovery 2019-05-14 Entry 2019-05-14
samba46 <= 4.6.16
samba47 <= 4.7.12
samba48 < 4.8.12
samba49 < 4.9.8
samba410 < 4.10.3
https://www.samba.org/samba/security/CVE-2018-16860.html
CVE-2018-16860
https://www.samba.org/samba/security/CVE-2019-3880.html
CVE-2019-3880
|
fb26f78a-26a9-11e8-a1c2-00505689d4ae | samba -- multiple vulnerabilities
The samba project reports:
Missing null pointer checks may crash the external
print server process.
On a Samba 4 AD DC any authenticated user can change
other users' passwords over LDAP, including the
passwords of administrative users and service accounts.
Discovery 2018-01-03 Entry 2018-03-13
samba44 < 4.4.17
samba45 < 4.5.16
samba46 < 4.6.14
samba47 < 4.7.6
https://www.samba.org/samba/security/CVE-2018-1050.html
CVE-2018-1050
https://www.samba.org/samba/security/CVE-2018-1057.html
CVE-2018-1057
|
c4e9a427-9fc2-11e8-802a-000c29a1e3ec | samba -- multiple vulnerabilities
The samba project reports:
Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which
allows authentication using NTLMv1 over an SMB1 transport (either
directly or via NETLOGON SamLogon calls from a member server), even
when NTLMv1 is explicitly disabled on the server.
Missing input sanitization checks on some of the input parameters to
LDB database layer cause the LDAP server and DNS server to crash when
following a NULL pointer.
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server to overwrite
client heap memory by returning an extra long filename in a directory
listing.
Missing database output checks on the returned directory attributes
from the LDB database layer cause the DsCrackNames call in the DRSUAPI
server to crash when following a NULL pointer.
All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL
(0x80) searchFlags bit and where an explicit Access Control Entry has
been specified on the ntSecurityDescriptor.
Discovery 2018-08-14 Entry 2018-08-14
samba46 < 4.6.16
samba47 < 4.7.9
samba48 < 4.8.4
https://www.samba.org/samba/security/CVE-2018-1139.html
CVE-2018-1139
https://www.samba.org/samba/security/CVE-2018-1140.html
CVE-2018-1140
https://www.samba.org/samba/security/CVE-2018-10858.html
CVE-2018-10858
https://www.samba.org/samba/security/CVE-2018-10918.html
CVE-2018-10918
https://www.samba.org/samba/security/CVE-2018-10919.html
CVE-2018-10919
|