MidnightBSD

Advisories for samba

CVE-1999-0182 HIGH

Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba *
CVE-1999-0810 HIGH

Denial of service in Samba NETBIOS name service daemon (nmbd).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.5
CVE-1999-0811 MEDIUM

Buffer overflow in Samba smbd program via a malformed message command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.4
CVE-1999-0812 HIGH

Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.5
CVE-1999-1288 MEDIUM

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 1.1
samba samba 1.9.18
redhat linux *
caldera openlinux 1.3
turbolinux turbolinux *
caldera openlinux 1.0
caldera openlinux 1.2
CVE-2000-0935 HIGH

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.7
CVE-2000-0936 LOW

Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.7
CVE-2000-0937 HIGH

Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.7
CVE-2000-0938 MEDIUM

Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.7
CVE-2000-0939 MEDIUM

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.7
CVE-2001-0406 LOW

Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba *
CVE-2001-1162 HIGH

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.9
samba samba 2.0.7
hp cifs-9000_server a.01.05
samba samba 2.2.0
samba samba 2.0.6
samba samba 2.0.8
samba samba 2.0.5
hp cifs-9000_server a.01.06
CVE-2002-0080 LOW

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

CVSS 2.0

Severity: LOW

Problem Type: CWE-269,

Products Affected

Vendor Product Version
redhat linux 6.2
redhat linux 7.0
redhat linux 7.2
samba rsync *
redhat linux 7.1
CVE-2002-1318 HIGH

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.1
sgi irix 6.5.16
sgi irix 6.5.10
sgi irix 6.5.11
sgi irix 6.5.18
sgi irix 6.5.5
samba samba 2.2.3
sgi irix 6.5.9
sgi irix 6.5.15
hp cifs-9000_server a.01.08.01
sgi irix 6.5
hp cifs-9000_server a.01.09
sgi irix 6.5.2
samba samba 2.2.2
sgi irix 6.5.17
sgi irix 6.5.13
sgi irix 6.5.12
sgi irix 6.5.4
hp cifs-9000_server a.01.08
samba samba 2.2.4
samba samba 2.2.5
sgi irix 6.5.3
samba samba 2.2.6
sgi irix 6.5.8
sgi irix 6.5.7
sgi irix 6.5.6
sgi irix 6.5.14
CVE-2002-2196 HIGH

Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
samba samba 2.0.5a
samba samba 2.2.1a
samba samba 1.9.18
samba samba 2.2.3a
samba samba 2.2.1
samba samba 2.2a
samba samba 1.9.17
samba samba 2.0.0
samba samba *
CVE-2003-0085 HIGH

Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.10
samba samba 2.0.4
samba samba 2.0.9
samba samba 2.2.3a
samba samba 2.2.0
samba samba 2.0.3
samba samba 2.0.8
samba samba 2.0.0
samba samba 2.2.3
samba samba 2.2.1a
hp cifs-9000_server a.01.05
hp cifs-9000_server a.01.08.01
samba samba 2.0.1
samba samba 2.2.7a
hp cifs-9000_server a.01.09
samba samba 2.2.2
hp cifs-9000_server a.01.06
samba samba 2.0.7
samba samba 2.2.0a
hp cifs-9000_server a.01.08
samba samba 2.0.6
hp cifs-9000_server a.01.09.01
samba samba 2.0.5
samba samba 2.2.4
samba samba 2.2.5
hp cifs-9000_server a.01.07
samba samba 2.2.6
samba samba 2.0.2
samba samba 2.2.7
CVE-2003-0086 LOW

The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.10
samba samba 2.0.4
samba samba 2.0.9
samba samba 2.0.7
samba samba 2.2.0a
samba samba 2.2.3a
samba samba 2.2.0
samba samba 2.0.6
samba samba 2.0.3
samba samba 2.0.8
samba samba 2.0.0
samba samba 2.0.5
samba samba 2.2.3
samba samba 2.2.4
samba samba 2.2.5
samba samba 2.2.1a
samba samba 2.0.1
samba samba 2.2.7a
samba samba 2.2.6
samba samba 2.0.2
samba samba 2.2.7
samba samba 2.2.2
CVE-2003-0196 HIGH

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.10
samba samba 2.0.4
compaq tru64 4.0d_pk9_bl17
samba samba 2.2.3a
samba samba 2.2.0
compaq tru64 4.0b
compaq tru64 5.0a_pk3_bl17
samba samba 2.0.8
samba samba 2.0.0
compaq tru64 5.0_pk4_bl17
hp cifs-9000_server a.01.09.02
samba samba 2.0.1
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.1_pk6_bl20
compaq tru64 5.1_pk4_bl18
hp cifs-9000_server a.01.09
sun sunos -
hp hp-ux 11.04
samba samba 2.2.2
hp cifs-9000_server a.01.06
compaq tru64 4.0g
sun solaris 2.5.1
hp hp-ux 11.22
compaq tru64 5.0_pk4_bl18
samba samba 2.0.7
samba samba 2.2.0a
sun solaris 9.0
compaq tru64 5.1a_pk1_bl1
samba samba 2.0.6
hp cifs-9000_server a.01.09.01
compaq tru64 5.1a_pk2_bl2
hp hp-ux 10.01
samba samba 2.2.4
compaq tru64 5.1_pk5_bl19
compaq tru64 5.1a
samba-tng samba-tng 0.3
compaq tru64 5.0f
samba-tng samba-tng 0.3.1
samba samba 2.2.8
samba samba 2.2.7
hp hp-ux 10.24
samba samba 2.0.9
compaq tru64 5.1b
sun sunos 5.5.1
sun sunos 5.7
sun solaris 8.0
hp hp-ux 11.11
samba samba 2.0.3
compaq tru64 5.1_pk3_bl17
compaq tru64 4.0f
compaq tru64 5.0a
samba samba 2.2.3
compaq tru64 5.1
samba samba 2.2.1a
hp cifs-9000_server a.01.05
hp cifs-9000_server a.01.08.01
samba samba 2.2.7a
sun solaris 7.0
compaq tru64 4.0g_pk3_bl17
sun sunos 5.8
sun solaris 2.6
hp cifs-9000_server a.01.08
hp hp-ux 11.00
compaq tru64 5.1b_pk1_bl1
samba samba 2.0.5
compaq tru64 4.0f_pk6_bl17
samba samba 2.2.5
compaq tru64 5.0
hp hp-ux 10.20
compaq tru64 4.0d
compaq tru64 5.1a_pk3_bl3
hp cifs-9000_server a.01.07
samba samba 2.2.6
samba samba 2.0.2
hp hp-ux 11.20
CVE-2003-0201 HIGH

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.10
samba samba 2.0.4
compaq tru64 4.0d_pk9_bl17
apple mac_os_x 10.2
samba samba 2.2.3a
samba samba 2.2.0
compaq tru64 4.0b
compaq tru64 5.0a_pk3_bl17
samba samba 2.0.8
samba samba 2.0.0
compaq tru64 5.0_pk4_bl17
hp cifs-9000_server a.01.09.02
samba samba 2.0.1
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.1_pk6_bl20
compaq tru64 5.1_pk4_bl18
hp cifs-9000_server a.01.09
sun sunos -
hp hp-ux 11.04
apple mac_os_x 10.2.2
hp cifs-9000_server a.01.06
compaq tru64 4.0g
sun solaris 2.5.1
hp hp-ux 11.22
compaq tru64 5.0_pk4_bl18
samba samba 2.0.7
samba samba 2.2.0a
sun solaris 9.0
compaq tru64 5.1a_pk1_bl1
samba samba 2.0.6
hp cifs-9000_server a.01.09.01
compaq tru64 5.1a_pk2_bl2
hp hp-ux 10.01
samba samba 2.2.4
compaq tru64 5.1_pk5_bl19
compaq tru64 5.1a
samba-tng samba-tng 0.3
compaq tru64 5.0f
samba-tng samba-tng 0.3.1
samba samba 2.2.8
samba samba 2.2.7
hp hp-ux 10.24
samba samba 2.0.9
compaq tru64 5.1b
sun sunos 5.5.1
sun sunos 5.7
sun solaris 8.0
hp hp-ux 11.11
samba samba 2.0.3
compaq tru64 5.1_pk3_bl17
compaq tru64 4.0f
compaq tru64 5.0a
compaq tru64 5.1
samba samba 2.2.1a
hp cifs-9000_server a.01.05
hp cifs-9000_server a.01.08.01
samba samba 2.2.7a
sun solaris 7.0
compaq tru64 4.0g_pk3_bl17
sun sunos 5.8
sun solaris 2.6
apple mac_os_x 10.2.4
apple mac_os_x 10.2.3
hp cifs-9000_server a.01.08
hp hp-ux 11.00
apple mac_os_x 10.2.1
compaq tru64 5.1b_pk1_bl1
samba samba 2.0.5
compaq tru64 4.0f_pk6_bl17
samba samba 2.2.5
compaq tru64 5.0
hp hp-ux 10.20
compaq tru64 4.0d
compaq tru64 5.1a_pk3_bl3
hp cifs-9000_server a.01.07
samba samba 2.2.6
samba samba 2.0.2
hp hp-ux 11.20
CVE-2003-1332 HIGH

Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba *
CVE-2004-0028 HIGH

jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba jitterbug 1.6.2
CVE-2004-0082 HIGH

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.1
samba samba 3.0.0
CVE-2004-0186 HIGH

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.0
linux linux_kernel 2.6_test9_cvs
samba samba 2.0
linux linux_kernel 2.6.1
linux linux_kernel 2.6.0
CVE-2004-0600 HIGH

Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
trustix secure_linux 2.0
samba samba 3.0.2a
samba samba 3.0.4
trustix secure_linux 2.1
trustix secure_linux 1.5
samba samba 3.0.2
samba samba 3.0.3
CVE-2004-0686 MEDIUM

Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
trustix secure_linux 2.0
trustix secure_linux 2.1
trustix secure_linux 1.5
samba samba *
CVE-2004-0807 MEDIUM

Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.2a
suse suse_linux 8.2
suse suse_linux 9.0
mandrakesoft mandrake_linux 10.0
conectiva linux 9.0
sgi samba 3.0.4
suse suse_linux 9.1
samba samba 3.0.0
samba samba 3.0.6
samba samba 3.0.2
samba samba 3.0.3
sgi samba 3.0
sgi samba 3.0.6
sgi samba 3.0.3
suse suse_linux 8.1
samba samba 3.0.4
samba samba 3.0.1
sgi samba 3.0.5
sgi samba 3.0.1
conectiva linux 10.0
samba samba 3.0.5
sgi samba 3.0.2
suse suse_linux 8
CVE-2004-0808 MEDIUM

The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.2a
samba samba 3.0.4
samba samba 3.0.1
samba samba 3.0.0
samba samba 3.0.5
samba samba 3.0.6
samba samba 3.0.2
samba samba 3.0.3
CVE-2004-0815 HIGH

The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.2a
samba samba 2.2.11
samba samba 2.2.0a
samba samba 2.2.3a
samba samba 2.2.0
samba samba 2.2.8a
samba samba 3.0.0
samba samba 3.0.2
samba samba 2.2.3
samba samba 2.2.4
samba samba 2.2.5
samba samba 2.2.1a
samba samba 3.0.1
samba samba 2.2.7a
samba samba 2.2.6
samba samba 2.2a
samba samba 2.2.8
samba samba 2.2.7
samba samba 2.2.9
samba samba 2.2.2
CVE-2004-0829 MEDIUM

smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.4
samba samba 2.2.3a
samba samba 2.2.0
samba samba 2.0.3
samba samba 2.0.0
samba samba 2.2.3
samba samba 2.0.1
samba samba 2.2.7a
samba samba 2.2.10
samba samba 2.2.9
samba samba 2.2.2
samba samba 2.0.7
samba samba 2.2.8a
samba samba 1.9.17
samba samba 2.0.6
samba samba 2.0.5
samba samba 2.2.4
samba samba 2.2.5
samba samba 2.0.5a
samba samba 1.9.18
samba samba 2.2.6
samba samba 2.2.1
samba samba 2.2.8
samba samba 2.0.2
samba samba 2.2.7
CVE-2004-0882 HIGH

Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.2a
samba samba 3.0.7
redhat enterprise_linux_desktop 3.0
ubuntu ubuntu_linux 4.1
redhat enterprise_linux 2.1
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
samba samba 3.0.0
samba samba 3.0.6
samba samba 3.0.2
samba samba 3.0.3
samba samba 3.0.4
redhat fedora_core core_2.0
samba samba 3.0.1
redhat fedora_core core_3.0
conectiva linux 10.0
samba samba 3.0.5
CVE-2004-0930 MEDIUM

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.7
redhat enterprise_linux_desktop 3.0
redhat enterprise_linux 2.1
sgi samba 3.0.4
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
gentoo linux *
samba samba 3.0.0
samba samba 3.0.6
samba samba 3.0.3
sgi samba 3.0
sgi samba 3.0.6
sgi samba 3.0.3
samba samba 3.0.4
redhat fedora_core core_2.0
redhat fedora_core core_3.0
sgi samba 3.0.5
sgi samba 3.0.7
sgi samba 3.0.1
conectiva linux 10.0
samba samba 3.0.5
sgi samba 3.0.2
CVE-2004-1002 MEDIUM

Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,

Products Affected

Vendor Product Version
canonical ubuntu_linux 4.10
samba ppp 2.4.1
CVE-2004-1154 HIGH

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.0.10
samba samba 2.0.4
suse suse_linux 8.2
samba samba 2.2.3a
samba samba 2.2.0
samba samba 2.0.8
samba samba 2.0.0
trustix secure_linux 2.0
redhat fedora_core core_2.0
samba samba 2.0.1
samba samba 2.2.2
samba samba 2.2.11
samba samba 2.0.7
suse suse_linux 9.0
samba samba 2.2.0a
samba samba 2.2.8a
samba samba 2.0.6
samba samba 3.0.2
samba samba 3.0.3
samba samba 2.2.4
suse suse_linux 8.1
samba samba 3.0.1
samba samba 2.2.8
samba samba 2.2.12
samba samba 2.2.7
samba samba 3.0.2a
samba samba 3.0.9
samba samba 2.0.9
suse suse_linux 9.1
samba samba 2.0.3
samba samba 3.0.6
samba samba 2.2.3
samba samba 2.2.1a
samba samba 2.2.7a
samba samba 2.2.9
samba samba 3.0.5
samba samba 3.0.7
trustix secure_linux 2.2
suse suse_linux 1.0
trustix secure_linux 2.1
samba samba 3.0.0
samba samba 2.0.5
suse suse_linux 9.2
samba samba 2.2.5
samba samba 3.0.4
redhat fedora_core core_3.0
samba samba 2.2.6
samba samba 2.2a
samba samba 3.0.8
samba samba 2.0.2
CVE-2004-2546 MEDIUM

Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.2a
samba samba 2.2.3a
samba samba 2.0.0
trustix secure_linux 2.0
samba samba 2.2.1a
samba samba 2.2.7a
samba samba 2.2.10
samba samba 2.2.9
samba samba 3.0.5
samba samba 2.2.11
samba samba 2.2.8a
trustix secure_linux 2.1
samba samba 1.9.17
samba samba 3.0.0
samba samba 3.0.2
samba samba 3.0.3
samba samba 3.0.4
samba samba 2.0.5a
samba samba 1.9.18
samba samba 3.0.1
samba samba 2.2.1
samba samba 2.2a
samba samba 2.2.12
samba samba 2.0
CVE-2004-2687 HIGH

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
apple xcode 1.5
samba samba *
CVE-2006-1059 LOW

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.21
samba samba 3.0.21b
samba samba 3.0.21c
samba samba 3.0.21a
CVE-2006-3403 MEDIUM

The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.9
samba samba 3.0.14
samba samba 3.0.21
samba samba 3.0.12
samba samba 3.0.21b
samba samba 3.0.6
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.0.13
samba samba 3.0.21a
samba samba 3.0.5
samba samba 3.0.17
samba samba 3.0.7
samba samba 3.0.21c
samba samba 3.0.10
samba samba 3.0.2
samba samba 3.0.3
samba samba 3.0.16
samba samba 3.0.4
samba samba 3.0.18
samba samba 3.0.20a
samba samba 3.0.1
samba samba 3.0.15
samba samba 3.0.8
samba samba 3.0.14a
samba samba 3.0.11
samba samba 3.0.20b
CVE-2007-2447 MEDIUM

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.2a
samba samba 3.0.9
samba samba 3.0.14
samba samba 3.0.21
samba samba 3.0.23c
samba samba 3.0.12
samba samba 3.0.21b
samba samba 3.0.24
samba samba 3.0.6
samba samba 3.0.20
samba samba 3.0.23d
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.0.13
samba samba 3.0.21a
samba samba 3.0.5
samba samba 3.0.17
samba samba 3.0.7
samba samba 3.0.25
samba samba 3.0.23a
samba samba 3.0.21c
samba samba 3.0.10
samba samba 3.0.23
samba samba 3.0.0
samba samba 3.0.2
samba samba 3.0.3
samba samba 3.0.16
samba samba 3.0.4
samba samba 3.0.18
samba samba 3.0.23b
samba samba 3.0.20a
samba samba 3.0.1
samba samba 3.0.15
samba samba 3.0.8
samba samba 3.0.14a
samba samba 3.0.11
samba samba 3.0.20b
CVE-2008-1720 HIGH

Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
samba rsync 2.9.3
samba rsync 2.8.5
samba rsync 2.8.0
samba rsync 2.8.1
samba rsync 3.0.0
samba rsync 2.7.7
samba rsync 2.9.1
samba rsync 2.7.0
samba rsync 2.7.1
samba rsync 2.8.6
samba rsync 2.7.6
samba rsync 2.9.7
samba rsync 2.8.8
samba rsync 2.7.2
samba rsync 2.7.3
samba rsync 2.8.4
samba rsync 2.7.8
samba rsync 2.8.3
samba rsync 2.8.7
samba rsync 2.6.9
samba rsync 2.9.0
samba rsync 2.9.4
samba rsync 2.9.8
samba rsync 3.0.1
samba rsync 2.9.2
samba rsync 2.9.9
samba rsync 2.8.9
samba rsync 2.7.4
samba rsync 2.9.5
samba rsync 2.9.6
samba rsync 2.8.2
samba rsync 2.7.9
samba rsync 2.7.5
CVE-2009-2906 MEDIUM

smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
canonical ubuntu_linux 9.04
canonical ubuntu_linux 8.04
canonical ubuntu_linux 8.10
samba samba 3.4.0
samba samba 3.4.1
canonical ubuntu_linux 6.06
samba samba *
CVE-2010-0547 LOW

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
samba samba 3.0.14
samba samba 3.0.21
samba samba 3.2.15
samba samba 2.2.0
samba samba 3.0.27a
samba samba *
samba samba 2.2.10
samba samba 3.0.13
samba samba 3.3.4
samba samba 2.2.2
samba samba 3.4.4
samba samba 2.2.0a
samba samba 3.0.26a
samba samba 3.0.3
samba samba 3.0.23b
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 2.2.1
samba samba 3.3.0
samba samba 2.2.8
samba samba 2.2.7
samba samba 3.3.8
samba samba 3.0.2a
samba samba 3.0.9
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.12
samba samba 3.0.24
samba samba 3.0.30
samba samba 3.0.26
samba samba 2.2.3
samba samba 3.0.23d
samba samba 3.3.6
samba samba 2.2.1a
samba samba 2.2.7a
samba samba 2.2.9
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.25
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 3.0.23
samba samba 3.0.0
samba samba 3.0.32
samba samba 2.2.5
samba samba 3.0.4
samba samba 3.3.2
samba samba 2.2.6
samba samba 2.2a
samba samba 3.0.31
samba samba 3.0.8
samba samba 3.0.14a
samba samba 3.0.20b
samba samba 3.2.1
samba samba 2.2.3a
samba samba 3.0.21b
samba samba 3.2.11
samba samba 3.0.25b
samba samba 3.4.0
samba samba 3.0.21a
samba samba 3.0.35
samba samba 3.2.0
samba samba 2.2.11
samba samba 2.2.8a
samba samba 3.4.1
samba samba 3.2.6
samba samba 3.0.2
samba samba 3.0.27
samba samba 2.2.4
samba samba 3.2.4
samba samba 1.9.18
samba samba 3.0.1
samba samba 3.2.2
samba samba 2.2.12
samba samba 3.3.9
samba samba 3.2.14
samba samba 3.0.28a
samba samba 3.0.6
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.0.22
samba samba 3.2.9
samba samba 3.0.33
samba samba 3.2.12
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.10
samba samba 3.2.8
samba samba 3.4.3
samba samba 3.0.23a
samba samba 3.2.5
samba samba 1.9.17
samba samba 3.3.1
samba samba 3.0.25c
samba samba 3.3.3
samba samba 3.2.13
samba samba 3.0.11
samba samba 3.0.28
CVE-2010-0728 HIGH

smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
samba samba 3.3.11
samba samba 3.4.6
samba samba 3.5.0
CVE-2010-0787 MEDIUM

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
samba samba 3.0.22
samba samba 3.4.0
samba samba 3.0.28a
samba samba 3.2.3
samba samba 3.4.5
CVE-2010-0926 LOW

The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
samba samba 3.4.4
samba samba 3.3.9
samba samba 3.4.2
samba samba 3.3.5
samba samba 3.4.3
samba samba 3.4.1
samba samba 3.5.0
samba samba 3.3.1
samba samba 3.3.7
samba samba 3.3.3
samba samba 3.4.5
samba samba 3.3.2
samba samba 3.3.6
samba samba 3.4.0
samba samba 3.3.0
samba samba 3.3.8
samba samba 3.3.4
samba samba 3.3.10
CVE-2010-1635 MEDIUM

The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 3.0.14
samba samba 3.0.21
samba samba 3.2.15
samba samba 3.0.27a
samba samba 3.5.0
samba samba *
samba samba 3.0.13
samba samba 3.3.4
samba samba 3.4.4
samba samba 3.0.26a
samba samba 3.5
samba samba 3.0.3
samba samba 3.0.23b
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.3.8
samba samba 3.0.2a
samba samba 3.0.9
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.12
samba samba 3.0.24
samba samba 3.2
samba samba 3.0.30
samba samba 3.0.26
samba samba 3.0.23d
samba samba 3.3.6
samba samba 3.0.17
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.7
samba samba 3.0.25
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 3.4
samba samba 3.0.23
samba samba 3.0.0
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.0.18
samba samba 3.3.2
samba samba 3.0.31
samba samba 3.0.8
samba samba 3.0.14a
samba samba 3.0.20b
samba samba 3.5.1
samba samba 3.2.1
samba samba 3.0.21b
samba samba 3.2.11
samba samba 3.4.6
samba samba 3.0.25b
samba samba 3.4.0
samba samba 3.3.11
samba samba 3.0.21a
samba samba 3.0.35
samba samba 3.2.0
samba samba 3.4.1
samba samba 3.2.6
samba samba 3.0.2
samba samba 3.0.27
samba samba 3.2.4
samba samba 3.0.1
samba samba 3.2.2
samba samba 3.3.9
samba samba 3.2.14
samba samba 3.0.28a
samba samba 3.0.6
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.3
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.0.33
samba samba 3.2.12
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.10
samba samba 3.2.8
samba samba 3.4.3
samba samba 3.0.23a
samba samba 3.2.5
samba samba 3.3.1
samba samba 3.0.25c
samba samba 3.3.3
samba samba 3.2.13
samba samba 3.0.16
samba samba 3.1.0
samba samba 3.0.11
samba samba 3.0.28
CVE-2010-1642 MEDIUM

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
samba samba 3.0.14
samba samba 3.0.21
samba samba 3.2.15
samba samba 3.0.27a
samba samba 3.5.0
samba samba *
samba samba 3.0.13
samba samba 3.3.4
samba samba 3.4.4
samba samba 3.0.26a
samba samba 3.5
samba samba 3.0.3
samba samba 3.0.23b
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.3.8
samba samba 3.0.2a
samba samba 3.0.9
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.12
samba samba 3.0.24
samba samba 3.2
samba samba 3.0.30
samba samba 3.0.26
samba samba 3.0.23d
samba samba 3.3.6
samba samba 3.0.17
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.7
samba samba 3.0.25
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 3.4
samba samba 3.0.23
samba samba 3.0.0
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.0.18
samba samba 3.3.2
samba samba 3.0.31
samba samba 3.0.8
samba samba 3.0.14a
samba samba 3.0.20b
samba samba 3.5.1
samba samba 3.2.1
samba samba 3.0.21b
samba samba 3.2.11
samba samba 3.4.6
samba samba 3.0.25b
samba samba 3.4.0
samba samba 3.3.11
samba samba 3.0.21a
samba samba 3.0.35
samba samba 3.2.0
samba samba 3.4.1
samba samba 3.2.6
samba samba 3.0.2
samba samba 3.0.27
samba samba 3.2.4
samba samba 3.0.1
samba samba 3.2.2
samba samba 3.3.9
samba samba 3.2.14
samba samba 3.0.28a
samba samba 3.0.6
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.3
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.0.33
samba samba 3.2.12
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.10
samba samba 3.2.8
samba samba 3.4.3
samba samba 3.0.23a
samba samba 3.2.5
samba samba 3.3.1
samba samba 3.0.25c
samba samba 3.3.3
samba samba 3.2.13
samba samba 3.0.16
samba samba 3.1.0
samba samba 3.0.11
samba samba 3.0.28
CVE-2010-2063 HIGH

Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 9.04
canonical ubuntu_linux 8.04
debian debian_linux 5.0
canonical ubuntu_linux 6.06
samba samba *
CVE-2010-3069 HIGH

Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 9.04
canonical ubuntu_linux 8.04
canonical ubuntu_linux 10.04
canonical ubuntu_linux 6.06
canonical ubuntu_linux 9.10
samba samba *
CVE-2011-0719 MEDIUM

Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
samba samba 3.0.14
samba samba 3.0.21
samba samba 3.2.15
samba samba 3.3.13
samba samba 3.5.0
samba samba 3.0.13
samba samba 3.3.4
samba samba 3.4.4
samba samba 3.0.26a
samba samba 3.0.3
samba samba 3.0.23b
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.3.8
samba samba 3.0.2a
samba samba 3.0.9
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.12
samba samba 3.0.24
samba samba 3.4.11
samba samba 3.0.30
samba samba 3.0.26
samba samba 3.4.7
samba samba 3.0.23d
samba samba 3.3.6
samba samba 3.0.17
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.7
samba samba 3.0.25
samba samba 3.4.9
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 3.0.23
samba samba 3.0.0
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.0.18
samba samba 3.3.2
samba samba 3.0.31
samba samba 3.0.8
samba samba 3.0.14a
samba samba 3.5.6
samba samba 3.0.20b
samba samba 3.5.1
samba samba 3.5.4
samba samba 3.2.1
samba samba 3.0.21b
samba samba 3.2.11
samba samba 3.4.6
samba samba 3.0.25b
samba samba 3.4.10
samba samba 3.4.0
samba samba 3.3.11
samba samba 3.0.21a
samba samba 3.0.35
samba samba 3.2.0
samba samba 3.4.1
samba samba 3.2.6
samba samba 3.0.2
samba samba 3.0.27
samba samba 3.2.4
samba samba 3.0.1
samba samba 3.2.2
samba samba 3.5.3
samba samba 3.3.14
samba samba 3.3.9
samba samba 3.2.14
samba samba 3.5.5
samba samba 3.0.6
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.0.33
samba samba 3.2.12
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.12
samba samba 3.3.10
samba samba 3.4.8
samba samba 3.2.8
samba samba 3.4.3
samba samba 3.0.23a
samba samba 3.2.5
samba samba 3.3.1
samba samba 3.5.2
samba samba 3.0.25c
samba samba 3.3.3
samba samba 3.2.13
samba samba 3.0.16
samba samba 3.1.0
samba samba 3.0.11
samba samba 3.0.28
CVE-2011-1097 MEDIUM

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
samba rsync 3.0.6
samba rsync 3.0.5
samba rsync 3.0.7
samba rsync 3.0.1
samba rsync 3.0.4
samba rsync 3.0.2
samba rsync 3.0.3
samba rsync 3.0.0
CVE-2011-1678 LOW

smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
samba samba *
CVE-2011-2411 HIGH

Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp nonstop_server_software h06.16.02
hp nonstop_server_software j06.10.01
hp nonstop_server_software j06.11.01
hp nonstop_server_software j06.09.00
hp nonstop_server_software j06.12.00
hp nonstop_server_software h06.15.02
hp nonstop_server_software j06.06.00
hp nonstop_server_software h06.22.00
samba samba *
hp nonstop_server_software h06.20.01
hp nonstop_server_software h06.17.02
hp nonstop_server_software h06.16.01
hp nonstop_server_software h06.18.00
hp nonstop_server_software j06.08.00
hp nonstop_server_software j06.04.02
hp nonstop_server_software j06.05.02
hp nonstop_server_software j06.07.01
hp nonstop_server_software h06.20.03
hp nonstop_server_software h06.19.01
hp nonstop_server_software j06.05.00
hp nonstop_server_software h06.18.02
hp nonstop_server_software h06.21.01
hp nonstop_server_software h06.15.00
hp nonstop_server_software j06.04.00
hp nonstop_server_software j06.06.01
hp nonstop_server_software j06.11.00
hp nonstop_server_software h06.22.01
hp nonstop_server_software h06.23.00
hp nonstop_server_software j06.09.03
hp nonstop_server *
hp nonstop_server_software h06.21.00
hp nonstop_server_software h06.21.02
hp nonstop_server_software j06.08.03
hp nonstop_server_software h06.20.00
hp nonstop_server_software h06.15.01
hp nonstop_server_software j06.07.02
hp nonstop_server_software j06.07.00
hp nonstop_server_software h06.19.03
hp nonstop_server_software h06.19.02
hp nonstop_server_software h06.20.02
hp nonstop_server_software j06.09.02
hp nonstop_server_software j06.10.02
hp nonstop_server_software j06.09.01
hp nonstop_server_software j06.08.02
hp nonstop_server_software j06.06.03
hp nonstop_server_software h06.17.00
hp nonstop_server_software j06.04.01
hp nonstop_server_software j06.10.00
hp nonstop_server_software h06.17.01
hp nonstop_server_software h06.17.03
hp nonstop_server_software h06.18.01
hp nonstop_server_software h06.19.00
hp nonstop_server_software h06.16.00
hp nonstop_server_software j06.05.01
hp nonstop_server_software j06.06.02
hp nonstop_server_software j06.08.01
CVE-2011-2522 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.10
canonical ubuntu_linux 8.04
debian debian_linux 6.0
debian debian_linux 7.0
debian debian_linux 5.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 11.04
samba samba *
CVE-2011-2694 LOW

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.10
canonical ubuntu_linux 8.04
debian debian_linux 6.0
debian debian_linux 7.0
debian debian_linux 5.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 11.04
samba samba *
CVE-2011-2724 LOW

The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
samba samba 3.3.16
samba samba 2.0.4
samba samba 3.0.14
samba samba 3.0.21
samba samba 3.2.15
samba samba 2.2.0
samba samba 3.3.13
samba samba 3.5.0
samba samba 2.0.0
samba samba 3.4.12
samba samba *
samba samba 2.18.3
samba samba 2.0.1
samba samba 2.2.10
samba samba 3.0.13
samba samba 3.3.4
samba samba 2.2.2
samba samba 3.4.4
samba samba 2.2.0a
samba samba 3.0.26a
samba samba 2.0.6
samba samba 3.0.3
samba samba 3.0.23b
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.4.14
samba samba 3.0.15
samba samba 2.2.1
samba samba 3.3.0
samba samba 2.2.8
samba samba 2.2.7
samba samba 3.3.8
samba samba 3.0.2a
samba samba 3.0.9
samba samba 2.0.9
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.12
samba samba 3.0.24
samba samba 3.4.11
samba samba 3.0.30
samba samba 3.0.26
samba samba 2.2.3
samba samba 3.4.7
samba samba 3.0.23d
samba samba 3.3.6
samba samba 2.2
samba samba 2.2.1a
samba samba 2.2.7a
samba samba 2.2.9
samba samba 3.0.17
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.7
samba samba 3.0.25
samba samba 3.4.9
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 3.0.23
samba samba 3.0.0
samba samba 3.0.32
samba samba 2.2.5
samba samba 3.0.4
samba samba 3.0.18
samba samba 3.3.2
samba samba 3.5.8
samba samba 2.2.6
samba samba 3.4.13
samba samba 2.2a
samba samba 3.0.31
samba samba 3.5.7
samba samba 3.0.8
samba samba 3.0.14a
samba samba 2.0.2
samba samba 3.5.6
samba samba 3.0.20b
samba samba 2.0.10
samba samba 3.5.1
samba samba 3.5.4
samba samba 3.2.1
samba samba 2.2.3a
samba samba 3.0.21b
samba samba 3.2.11
samba samba 3.4.6
samba samba 2.0.8
samba samba 3.0.25b
samba samba 3.4.10
samba samba 3.4.0
samba samba 3.3.11
samba samba 3.0.21a
samba samba 3.0.35
samba samba 3.2.0
samba samba 2.2.11
samba samba 2.0.7
samba samba 2.2.8a
samba samba 3.4.1
samba samba 3.2.6
samba samba 3.0.2
samba samba 3.0.27
samba samba 2.2.4
samba samba 3.2.4
samba samba 2.0.5a
samba samba 1.9.18
samba samba 3.0.1
samba samba 3.2.2
samba samba 3.3.15
samba samba 2.2.12
samba samba 3.5.3
samba samba 2.0
samba samba 3.3.14
samba samba 3.3.9
samba samba 3.2.14
samba samba 3.5.5
samba samba 2.0.3
samba samba 3.0.6
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.0.33
samba samba 3.2.12
samba samba 3.5.9
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.12
samba samba 3.3.10
samba samba 3.4.8
samba samba 3.2.8
samba samba 3.4.3
samba samba 3.0.23a
samba samba 3.2.5
samba samba 1.9.17
samba samba 3.3.1
samba samba 3.5.2
samba samba 3.0.25c
samba samba 2.0.5
samba samba 3.3.3
samba samba 3.2.13
samba samba 3.0.16
samba samba 3.1.0
samba samba 3.0.11
samba samba 3.0.28
CVE-2011-3585 LOW

Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
redhat enterprise_linux 6.0
redhat enterprise_linux 4.0
samba samba 3.6.0
redhat enterprise_linux 5.0
CVE-2012-0817 MEDIUM

Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
samba samba 3.6.2
samba samba 3.6.1
samba samba 3.6.0
CVE-2012-0870 HIGH

Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
rim blackberry_playbook_os 1.0.5
rim blackberry_playbook_os 1.0.8.4985
rim blackberry_playbook_os *
rim blackberry_playbook_tablet -
rim blackberry_playbook_os 1.0.3
rim blackberry_playbook_os 1.0
rim blackberry_playbook_os 1.0.7.3312
samba samba 3.0.0
rim blackberry_playbook_os 1.0.7
rim blackberry_playbook_os 1.0.7.2942
rim blackberry_playbook_os 1.0.8.6067
rim blackberry_playbook_os 1.0.6
CVE-2012-1182 HIGH

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
samba samba 3.3.16
samba samba 3.0.14
samba samba 3.0.21
samba samba 3.2.15
samba samba 3.3.13
samba samba 3.5.0
samba samba 3.4.12
samba samba *
samba samba 3.0.13
samba samba 3.5.13
samba samba 3.3.4
samba samba 3.4.4
samba samba 3.0.26a
samba samba 3.0.3
samba samba 3.0.23b
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.4.14
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.6.1
samba samba 3.5.12
samba samba 3.3.8
samba samba 3.5.11
samba samba 3.0.2a
samba samba 3.0.9
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.12
samba samba 3.0.24
samba samba 3.4.11
samba samba 3.0.30
samba samba 3.0.26
samba samba 3.4.7
samba samba 3.0.23d
samba samba 3.3.6
samba samba 3.6.0
samba samba 3.0.17
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.7
samba samba 3.0.25
samba samba 3.4.9
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 3.0.23
samba samba 3.0.0
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.0.18
samba samba 3.3.2
samba samba 3.5.8
samba samba 3.6.2
samba samba 3.6.3
samba samba 3.4.13
samba samba 3.0.31
samba samba 3.5.7
samba samba 3.0.8
samba samba 3.0.14a
samba samba 3.5.6
samba samba 3.0.20b
samba samba 3.5.1
samba samba 3.5.4
samba samba 3.2.1
samba samba 3.0.21b
samba samba 3.2.11
samba samba 3.4.6
samba samba 3.0.25b
samba samba 3.4.10
samba samba 3.4.0
samba samba 3.3.11
samba samba 3.0.21a
samba samba 3.0.35
samba samba 3.2.0
samba samba 3.4.1
samba samba 3.2.6
samba samba 3.5.10
samba samba 3.0.2
samba samba 3.0.27
samba samba 3.2.4
samba samba 3.0.1
samba samba 3.2.2
samba samba 3.3.15
samba samba 3.5.3
samba samba 3.3.14
samba samba 3.3.9
samba samba 3.2.14
samba samba 3.5.5
samba samba 3.0.6
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.0.33
samba samba 3.2.12
samba samba 3.5.9
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.12
samba samba 3.3.10
samba samba 3.4.8
samba samba 3.2.8
samba samba 3.4.3
samba samba 3.0.23a
samba samba 3.2.5
samba samba 3.3.1
samba samba 3.5.2
samba samba 3.0.25c
samba samba 3.3.3
samba samba 3.2.13
samba samba 3.0.16
samba samba 3.1.0
samba samba 3.0.11
samba samba 3.0.28
CVE-2012-2111 MEDIUM

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
samba samba 3.5.11
samba samba 3.4.2
samba samba 3.5.1
samba samba 3.5.4
samba samba 3.4.6
samba samba 3.5.5
samba samba 3.4.11
samba samba 3.5.0
samba samba 3.4.12
samba samba 3.4.5
samba samba 3.4.7
samba samba 3.6.4
samba samba 3.5.14
samba samba 3.4.15
samba samba 3.4.10
samba samba 3.4.0
samba samba 3.5.9
samba samba 3.5.13
samba samba 3.6.0
samba samba 3.4.4
samba samba 3.4.8
samba samba 3.4.16
samba samba 3.4.3
samba samba 3.4.9
samba samba 3.4.1
samba samba 3.5.10
samba samba 3.5.2
samba samba 3.5.8
samba samba 3.6.2
samba samba 3.6.3
samba samba 3.4.14
samba samba 3.4.13
samba samba 3.6.1
samba samba 3.5.7
samba samba 3.5.12
samba samba 3.5.3
samba samba 3.5.6
CVE-2012-6150 LOW

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.04
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
samba samba *
canonical ubuntu_linux 13.10
CVE-2013-0172 LOW

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
samba samba 4.0.0
CVE-2013-0213 MEDIUM

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
samba samba 3.3.16
samba samba 3.0.14
samba samba 3.0.21
samba samba 3.2.15
samba samba 3.3.13
samba samba 3.5.17
samba samba 3.6.7
samba samba 3.5.0
samba samba 3.4.12
samba samba 3.6.6
samba samba 3.5.15
samba samba 3.5.18
samba samba 3.0.13
samba samba 3.5.13
samba samba 3.3.4
samba samba 3.4.4
samba samba 3.0.26a
samba samba 3.0.3
samba samba 3.0.23b
samba samba 3.6.5
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.4.14
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.6.1
samba samba 3.5.12
samba samba 3.3.8
samba samba 3.5.11
samba samba 3.0.2a
samba samba 3.0.9
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.12
samba samba 3.6.8
samba samba 3.0.24
samba samba 3.4.11
samba samba 3.0.30
samba samba 3.0.26
samba samba 3.4.7
samba samba 3.0.23d
samba samba 3.3.6
samba samba 3.6.11
samba samba 3.6.0
samba samba 3.0.17
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.7
samba samba 3.0.25
samba samba 3.4.9
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 3.0.23
samba samba 3.0.0
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.0.18
samba samba 3.3.2
samba samba 3.5.8
samba samba 3.6.2
samba samba 3.6.3
samba samba 3.4.13
samba samba 3.0.31
samba samba 3.5.7
samba samba 3.0.8
samba samba 3.0.14a
samba samba 3.5.6
samba samba 3.0.20b
samba samba 3.5.1
samba samba 3.5.4
samba samba 3.2.1
samba samba 3.6.10
samba samba 3.0.21b
samba samba 3.2.11
samba samba 3.4.6
samba samba 3.0.25b
samba samba 3.6.4
samba samba 3.4.15
samba samba 3.4.10
samba samba 3.4.17
samba samba 3.4.0
samba samba 3.3.11
samba samba 4.0.0
samba samba 3.0.21a
samba samba 3.0.35
samba samba 3.2.0
samba samba 3.4.16
samba samba 3.5.16
samba samba 3.6.9
samba samba 3.4.1
samba samba 3.2.6
samba samba 3.5.10
samba samba 3.0.2
samba samba 3.0.27
samba samba 3.2.4
samba samba 3.0.1
samba samba 3.2.2
samba samba 3.3.15
samba samba 3.5.3
samba samba 3.3.14
samba samba 3.5.19
samba samba 3.3.9
samba samba 3.2.14
samba samba 3.5.5
samba samba 3.0.6
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.5.14
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.0.33
samba samba 3.2.12
samba samba 3.5.9
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.12
samba samba 3.3.10
samba samba 3.4.8
samba samba 3.2.8
samba samba 3.4.3
samba samba 3.0.23a
samba samba 3.2.5
samba samba 3.3.1
samba samba 3.5.2
samba samba 3.0.25c
samba samba 3.3.3
samba samba 3.2.13
samba samba 3.0.16
samba samba 4.0.1
samba samba 3.1.0
samba samba 3.0.11
samba samba 3.5.20
samba samba 3.0.28
CVE-2013-0214 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
samba samba 3.3.16
samba samba 3.0.14
samba samba 3.0.21
samba samba 3.2.15
samba samba 3.3.13
samba samba 3.5.17
samba samba 3.6.7
samba samba 3.5.0
samba samba 3.4.12
samba samba 3.6.6
samba samba 3.5.15
samba samba 3.5.18
samba samba 3.0.13
samba samba 3.5.13
samba samba 3.3.4
samba samba 3.4.4
samba samba 3.0.26a
samba samba 3.0.3
samba samba 3.0.23b
samba samba 3.6.5
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.4.14
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.6.1
samba samba 3.5.12
samba samba 3.3.8
samba samba 3.5.11
samba samba 3.0.2a
samba samba 3.0.9
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.12
samba samba 3.6.8
samba samba 3.0.24
samba samba 3.4.11
samba samba 3.0.30
samba samba 3.0.26
samba samba 3.4.7
samba samba 3.0.23d
samba samba 3.3.6
samba samba 3.6.11
samba samba 3.6.0
samba samba 3.0.17
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.7
samba samba 3.0.25
samba samba 3.4.9
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 3.0.23
samba samba 3.0.0
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.0.18
samba samba 3.3.2
samba samba 3.5.8
samba samba 3.6.2
samba samba 3.6.3
samba samba 3.4.13
samba samba 3.0.31
samba samba 3.5.7
samba samba 3.0.8
samba samba 3.0.14a
samba samba 3.5.6
samba samba 3.0.20b
samba samba 3.5.1
samba samba 3.5.4
samba samba 3.2.1
samba samba 3.6.10
samba samba 3.0.21b
samba samba 3.2.11
samba samba 3.4.6
samba samba 3.0.25b
samba samba 3.6.4
samba samba 3.4.15
samba samba 3.4.10
samba samba 3.4.17
samba samba 3.4.0
samba samba 3.3.11
samba samba 4.0.0
samba samba 3.0.21a
samba samba 3.0.35
samba samba 3.2.0
samba samba 3.4.16
samba samba 3.5.16
samba samba 3.6.9
samba samba 3.4.1
samba samba 3.2.6
samba samba 3.5.10
samba samba 3.0.2
samba samba 3.0.27
samba samba 3.2.4
samba samba 3.0.1
samba samba 3.2.2
samba samba 3.3.15
samba samba 3.5.3
samba samba 3.3.14
samba samba 3.5.19
samba samba 3.3.9
samba samba 3.2.14
samba samba 3.5.5
samba samba 3.0.6
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.5.14
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.0.33
samba samba 3.2.12
samba samba 3.5.9
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.12
samba samba 3.3.10
samba samba 3.4.8
samba samba 3.2.8
samba samba 3.4.3
samba samba 3.0.23a
samba samba 3.2.5
samba samba 3.3.1
samba samba 3.5.2
samba samba 3.0.25c
samba samba 3.3.3
samba samba 3.2.13
samba samba 3.0.16
samba samba 4.0.1
samba samba 3.1.0
samba samba 3.0.11
samba samba 3.5.20
samba samba 3.0.28
CVE-2013-0454 MEDIUM

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
samba samba 3.6.4
samba samba 3.6.2
samba samba 3.6.3
samba samba 3.6.1
samba samba 3.6.0
canonical ubuntu_linux 12.04
samba samba *
ibm storwize v7000
CVE-2013-1863 MEDIUM

Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
samba samba 4.0.1
samba samba 4.0.3
samba samba 4.0.2
samba samba 4.0.0
CVE-2013-4124 MEDIUM

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
samba samba 3.3.16
samba samba 3.0.14
samba samba 3.0.21
samba samba 4.0.5
samba samba 3.2.15
samba samba 3.3.13
fedoraproject fedora 19
samba samba 3.5.17
samba samba 3.6.7
samba samba 3.5.0
samba samba 3.4.12
samba samba 3.6.6
samba samba 3.5.21
samba samba 3.5.15
samba samba 3.5.18
samba samba 3.0.13
samba samba 3.5.13
canonical ubuntu_linux 12.04
samba samba 3.3.4
samba samba 3.4.4
samba samba 4.0.2
samba samba 3.0.26a
samba samba 4.0.4
samba samba 3.0.3
samba samba 3.0.23b
samba samba 3.6.5
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.4.14
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.6.1
samba samba 3.5.12
samba samba 3.3.8
samba samba 3.5.11
samba samba 3.0.2a
samba samba 3.0.9
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.12
samba samba 3.6.8
samba samba 3.0.24
samba samba 3.4.11
samba samba 3.0.30
samba samba 3.0.26
samba samba 3.4.7
samba samba 3.0.23d
samba samba 3.3.6
samba samba 3.6.11
samba samba 4.0.7
samba samba 3.6.0
samba samba 3.0.17
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.7
samba samba 3.0.25
samba samba 3.4.9
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 3.0.23
samba samba 3.0.0
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.0.18
samba samba 3.3.2
samba samba 3.6.2
samba samba 3.6.3
samba samba 3.4.13
samba samba 3.0.31
samba samba 3.0.8
samba samba 3.0.14a
samba samba 3.0.20b
samba samba 3.6.12
samba samba 3.5.1
samba samba 3.2.1
samba samba 3.6.10
samba samba 3.0.21b
samba samba 3.2.11
samba samba 3.4.6
samba samba 3.0.25b
samba samba 3.6.4
samba samba 3.4.15
samba samba 3.4.10
samba samba 3.4.17
samba samba 3.4.0
samba samba 3.3.11
samba samba 4.0.0
samba samba 3.6.16
samba samba 3.0.21a
samba samba 3.6.14
samba samba 3.0.35
fedoraproject fedora 18
samba samba 3.2.0
samba samba 3.4.16
samba samba 3.5.16
samba samba 3.6.9
samba samba 3.4.1
samba samba 3.2.6
samba samba 3.5.10
samba samba 3.0.2
samba samba 3.0.27
samba samba 3.2.4
opensuse opensuse 12.2
samba samba 3.0.1
samba samba 3.2.2
samba samba 3.3.15
samba samba 4.0.6
canonical ubuntu_linux 10.04
samba samba 3.3.14
samba samba 3.5.19
samba samba 3.3.9
samba samba 4.0.3
samba samba 3.2.14
redhat enterprise_linux 5
samba samba 3.0.6
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.6.13
samba samba 3.5.14
samba samba 3.0.22
samba samba 3.6.15
canonical ubuntu_linux 12.10
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.0.33
samba samba 3.2.12
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.12
samba samba 3.3.10
opensuse opensuse 12.3
samba samba 3.4.8
samba samba 3.2.8
samba samba 3.4.3
samba samba 3.0.23a
canonical ubuntu_linux 13.04
samba samba 3.2.5
samba samba 3.3.1
samba samba 3.5.2
samba samba 3.0.25c
samba samba 3.3.3
samba samba 3.2.13
samba samba 3.0.16
samba samba 4.0.1
samba samba 3.1.0
samba samba 3.0.11
samba samba 3.5.20
samba samba 3.0.28
CVE-2013-4408 HIGH

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
samba samba 3.3.16
samba samba 3.0.14
samba samba 4.0.9
samba samba 3.0.21
samba samba 4.0.5
samba samba 3.2.15
samba samba 3.3.13
samba samba 3.5.17
samba samba 3.6.7
samba samba 3.5.0
samba samba 3.4.12
samba samba 3.6.6
samba samba 3.5.21
samba samba 3.5.15
samba samba 3.5.18
samba samba 3.0.13
samba samba 3.5.13
samba samba 3.3.4
samba samba 3.6.21
samba samba 3.4.4
samba samba 4.0.2
samba samba 3.0.26a
samba samba 3.6.18
samba samba 4.0.4
samba samba 3.6.17
samba samba 3.0.3
samba samba 3.0.23b
samba samba 3.6.5
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.4.14
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.6.1
samba samba 3.5.12
samba samba 3.3.8
samba samba 3.5.11
samba samba 3.0.2a
samba samba 3.0.9
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.12
samba samba 3.6.8
samba samba 3.0.24
samba samba 3.4.11
samba samba 3.0.30
samba samba 3.0.26
samba samba 4.1.0
samba samba 3.4.7
samba samba 4.0.8
samba samba 4.0.10
samba samba 3.0.23d
samba samba 3.3.6
samba samba 3.6.19
samba samba 3.6.11
samba samba 4.0.7
samba samba 3.6.0
samba samba 3.0.17
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.7
samba samba 3.0.25
samba samba 3.4.9
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 3.0.23
samba samba 3.0.0
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.0.18
samba samba 3.3.2
samba samba 3.5.8
samba samba 3.6.2
samba samba 3.6.3
samba samba 3.4.13
samba samba 3.0.31
samba samba 3.5.7
samba samba 3.0.8
samba samba 3.0.14a
samba samba 3.5.6
samba samba 3.0.20b
samba samba 3.6.12
samba samba 3.5.1
samba samba 3.5.4
samba samba 3.2.1
samba samba 3.6.10
samba samba 3.0.21b
samba samba 3.2.11
samba samba 3.4.6
samba samba 3.0.25b
samba samba 3.6.4
samba samba 4.0.12
samba samba 3.4.15
samba samba 3.4.10
samba samba 3.4.17
samba samba 3.4.0
samba samba 3.3.11
samba samba 4.0.0
samba samba 3.6.16
samba samba 3.0.21a
samba samba 3.6.14
samba samba 3.0.35
samba samba 3.2.0
samba samba 3.4.16
samba samba 4.1.2
samba samba 3.5.16
samba samba 3.6.9
samba samba 3.4.1
samba samba 3.2.6
samba samba 3.5.10
samba samba 3.0.2
samba samba 3.0.27
samba samba 3.2.4
samba samba 3.0.1
samba samba 3.2.2
samba samba 4.1.1
samba samba 3.3.15
samba samba 4.0.6
samba samba 3.5.3
samba samba 4.0.11
samba samba 3.3.14
samba samba 3.5.19
samba samba 3.3.9
samba samba 4.0.3
samba samba 3.2.14
samba samba 3.5.5
samba samba 3.0.6
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.6.13
samba samba 3.5.14
samba samba 3.0.22
samba samba 3.6.15
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.0.33
samba samba 3.2.12
samba samba 3.5.9
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.12
samba samba 3.6.20
samba samba 3.3.10
samba samba 3.4.8
samba samba 3.2.8
samba samba 3.4.3
samba samba 3.0.23a
samba samba 3.2.5
samba samba 3.3.1
samba samba 3.5.2
samba samba 3.0.25c
samba samba 3.3.3
samba samba 3.2.13
samba samba 3.0.16
samba samba 4.0.1
samba samba 3.1.0
samba samba 3.0.11
samba samba 3.5.20
samba samba 3.0.28
CVE-2013-4475 MEDIUM

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
debian debian_linux 6.0
debian debian_linux 7.0
canonical ubuntu_linux 13.04
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
samba samba *
canonical ubuntu_linux 13.10
samba samba 4.1.0
CVE-2013-4476 LOW

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.

CVSS 2.0

Severity: LOW

Problem Type: CWE-310,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 4.0.3
samba samba 4.0.5
samba samba 4.0.2
samba samba 4.0.4
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 4.0.1
samba samba 4.0.6
samba samba 4.0.0
samba samba 4.0.7
CVE-2013-4496 MEDIUM

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
samba samba *
canonical ubuntu_linux 13.10
CVE-2013-6442 MEDIUM

The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 4.1.2
samba samba 4.0.3
samba samba 4.0.5
samba samba 4.0.2
samba samba 4.0.14
samba samba 4.0.4
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 4.0.1
samba samba 4.0.12
samba samba 4.1.1
samba samba 4.0.6
samba samba 4.0.0
samba samba 4.0.15
samba samba 4.1.3
samba samba 4.1.4
samba samba 4.0.7
samba samba 4.1.5
samba samba 4.0.11
samba samba 4.0.13
CVE-2014-0178 LOW

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

CVSS 2.0

Severity: LOW

Problem Type: CWE-665,

Products Affected

Vendor Product Version
samba samba 3.6.12
samba samba 3.6.8
samba samba 3.6.10
samba samba 3.6.7
samba samba *
samba samba 4.1.0
samba samba 3.6.6
samba samba 3.6.13
samba samba 3.6.15
samba samba 3.6.22
samba samba 3.6.16
samba samba 3.6.19
samba samba 4.1.6
samba samba 3.6.14
samba samba 4.1.4
samba samba 3.6.11
samba samba 3.6.20
samba samba 3.6.21
samba samba 3.6.23
samba samba 4.1.2
samba samba 3.6.9
samba samba 3.6.18
samba samba 3.6.17
samba samba 4.1.1
samba samba 4.1.3
samba samba 4.1.5
samba samba 4.1.7
CVE-2014-0239 MEDIUM

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
samba samba *
CVE-2014-0244 LOW

The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 3.6.12
samba samba 4.0.5
samba samba 3.6.10
samba samba 3.6.7
samba samba 4.0.18
samba samba 4.1.8
samba samba 3.6.4
samba samba 3.6.6
samba samba 4.0.12
samba samba 3.6.22
samba samba 4.0.0
samba samba 3.6.16
samba samba 4.1.6
samba samba 3.6.14
samba samba 3.6.21
samba samba 4.1.2
samba samba 3.6.9
samba samba 4.0.2
samba samba 3.6.18
samba samba 4.0.14
samba samba 4.0.4
samba samba 3.6.17
samba samba 4.0.16
samba samba 3.6.5
samba samba 4.1.1
samba samba 3.6.1
samba samba 4.0.6
samba samba 4.1.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.0.11
samba samba 4.0.3
samba samba 3.6.8
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 3.6.13
samba samba 3.6.15
samba samba 3.6.19
samba samba 4.0.15
samba samba 4.1.4
samba samba 3.6.11
samba samba 4.0.7
samba samba 3.6.0
samba samba 3.6.20
samba samba 3.6.23
samba samba 4.0.13
samba samba 4.0.1
samba samba 3.6.2
samba samba 3.6.3
samba samba 4.1.7
CVE-2014-2855 HIGH

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
samba rsync 2.9.3
samba rsync 2.8.5
samba rsync 2.8.0
samba rsync 3.0.4
samba rsync 3.0.8
samba rsync 2.8.1
samba rsync 3.0.2
samba rsync 3.0.0
samba rsync 3.0.9
samba rsync 3.0.6
samba rsync 3.0.7
samba rsync 2.7.7
samba rsync 2.9.1
samba rsync 2.7.0
samba rsync 2.7.1
samba rsync 2.8.6
samba rsync 2.7.6
samba rsync 2.9.7
samba rsync 2.8.8
samba rsync 2.7.2
samba rsync 2.7.3
samba rsync 2.8.4
samba rsync 2.7.8
samba rsync 2.8.3
samba rsync 2.8.7
samba rsync 3.0.5
samba rsync 2.6.9
samba rsync 2.9.0
samba rsync 2.9.4
samba rsync 2.9.8
samba rsync 3.0.1
samba rsync 2.9.2
samba rsync 2.9.9
samba rsync *
samba rsync 2.8.9
samba rsync 3.0.3
samba rsync 2.7.4
samba rsync 2.9.5
samba rsync 2.9.6
samba rsync 2.8.2
samba rsync 2.7.9
samba rsync 2.7.5
CVE-2014-3493 LOW

The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 3.6.12
samba samba 4.0.5
samba samba 3.6.10
samba samba 3.6.7
samba samba 4.0.18
samba samba 4.1.8
samba samba 3.6.4
samba samba 3.6.6
samba samba 4.0.12
samba samba 3.6.22
samba samba 4.0.0
samba samba 3.6.16
samba samba 4.1.6
samba samba 3.6.14
samba samba 3.6.21
samba samba 4.1.2
samba samba 3.6.9
samba samba 4.0.2
samba samba 3.6.18
samba samba 4.0.14
samba samba 4.0.4
samba samba 3.6.17
samba samba 4.0.16
samba samba 3.6.5
samba samba 4.1.1
samba samba 3.6.1
samba samba 4.0.6
samba samba 4.1.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.0.11
samba samba 4.0.3
samba samba 3.6.8
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 3.6.13
samba samba 3.6.15
samba samba 3.6.19
samba samba 4.0.15
samba samba 4.1.4
samba samba 3.6.11
samba samba 4.0.7
samba samba 3.6.0
samba samba 3.6.20
samba samba 3.6.23
samba samba 4.0.13
samba samba 4.0.1
samba samba 3.6.2
samba samba 3.6.3
samba samba 4.1.7
CVE-2014-3560 HIGH

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
samba samba 4.0.9
samba samba 4.0.3
samba samba 4.0.5
samba samba 4.1.10
samba samba 4.0.18
samba samba 4.1.0
samba samba 4.1.8
samba samba 4.0.8
samba samba 4.0.10
samba samba 4.0.12
samba samba 4.0.20
samba samba 4.0.19
samba samba 4.0.0
samba samba 4.1.6
samba samba 4.0.15
samba samba 4.1.4
samba samba 4.0.7
samba samba 4.0.13
samba samba 4.1.2
samba samba 4.0.2
redhat enterprise_linux 7.0
samba samba 4.0.14
samba samba 4.0.4
samba samba 4.0.16
samba samba 4.0.1
redhat enterprise_linux 6.0
samba samba 4.1.9
samba samba 4.1.1
samba samba 4.0.6
samba samba 4.1.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.0.11
samba samba 4.1.7
CVE-2014-8143 HIGH

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 4.0.3
samba samba 4.0.5
samba samba 4.1.10
samba samba 4.1.11
samba samba 4.0.18
samba samba 4.1.0
samba samba 4.1.8
samba samba 4.0.8
samba samba 4.0.10
samba samba 4.0.12
samba samba 4.0.20
samba samba 4.0.19
samba samba 4.1.12
samba samba 4.0.0
samba samba 4.1.6
samba samba 4.0.15
samba samba 4.2.0
samba samba 4.1.4
samba samba 4.0.7
samba samba 4.0.23
samba samba 4.0.13
samba samba 4.1.2
samba samba 4.0.21
samba samba 4.1.15
samba samba 4.0.2
samba samba 4.0.22
samba samba 4.0.14
samba samba 4.0.4
samba samba 4.0.16
samba samba 4.0.1
samba samba 4.1.9
samba samba 4.1.13
samba samba 4.1.14
samba samba 4.1.1
samba samba 4.0.6
samba samba 4.1.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.0.11
samba samba 4.1.7
CVE-2014-9512 MEDIUM

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
opensuse opensuse 13.1
oracle solaris 10.0
oracle solaris 11.3
samba rsync 3.1.1
CVE-2015-0240 HIGH

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-17,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 3.6.12
samba samba 3.5.1
samba samba 3.5.4
samba samba 4.0.5
samba samba 3.6.10
samba samba 3.5.17
samba samba 4.1.10
samba samba 4.1.11
samba samba 3.5.0
samba samba 4.0.18
samba samba 4.1.8
samba samba 4.0.12
samba samba 3.5.21
samba samba 3.6.22
samba samba 3.5.15
samba samba 3.5.18
samba samba 4.1.16
samba samba 4.1.12
samba samba 4.0.0
samba samba 3.5.13
samba samba 3.6.16
samba samba 4.1.6
samba samba 4.2.0
samba samba 3.6.14
canonical ubuntu_linux 12.04
samba samba 3.6.21
samba samba 4.1.2
samba samba 3.5.16
samba samba 4.0.21
samba samba 4.0.2
samba samba 3.6.18
redhat enterprise_linux 7.0
samba samba 3.5.10
samba samba 4.0.22
samba samba 4.0.14
samba samba 4.0.4
samba samba 3.6.17
samba samba 4.0.16
samba samba 3.5.22
redhat enterprise_linux 6.0
samba samba 4.1.9
samba samba 4.1.13
samba samba 4.1.14
samba samba 4.1.1
samba samba 4.0.24
samba samba 3.6.1
samba samba 4.0.6
samba samba 3.5.12
samba samba 4.1.3
samba samba 3.5.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.0.11
samba samba 3.5.19
canonical ubuntu_linux 14.04
samba samba 3.5.11
samba samba 4.0.3
samba samba 3.5.5
redhat enterprise_linux 5
novell suse_linux_enterprise_server 12
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 3.6.13
samba samba 3.5.14
samba samba 4.0.20
samba samba 3.6.15
samba samba 3.5.9
samba samba 4.0.19
samba samba 3.6.19
samba samba 4.0.15
novell suse_linux_enterprise_software_development_kit 12
samba samba 4.1.4
samba samba 3.6.11
samba samba 4.0.7
samba samba 3.6.0
samba samba 3.6.20
samba samba 4.0.23
canonical ubuntu_linux 14.10
samba samba 3.6.23
samba samba 4.0.13
samba samba 4.1.15
samba samba 3.5.2
samba samba 3.5.8
samba samba 4.0.1
samba samba 3.6.2
samba samba 3.5.7
samba samba 3.6.24
samba samba 3.5.6
samba samba 3.5.20
samba samba 4.1.7
novell suse_linux_enterprise_desktop 12
CVE-2015-3223 MEDIUM

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,CWE-399,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 4.3.0
samba samba 4.0.5
samba samba 4.2.3
samba samba 4.2.1
samba samba 4.1.10
samba samba 4.1.11
samba samba 4.0.18
samba samba 4.1.8
samba samba 4.0.12
samba samba 4.1.16
samba samba 4.1.12
samba samba 4.0.0
samba samba 4.1.6
samba samba 4.2.0
samba samba 4.1.2
samba samba 4.0.21
samba samba 4.0.2
samba samba 4.0.22
samba samba 4.0.14
samba samba 4.0.4
samba samba 4.0.16
samba samba 4.2.5
samba samba 4.1.9
samba samba 4.1.13
samba samba 4.1.14
samba samba 4.1.1
samba samba 4.0.24
samba samba 4.0.6
samba samba 4.1.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.1.17
samba samba 4.0.11
samba samba 4.2.6
samba samba 4.3.2
samba samba 4.3.1
samba samba 4.0.3
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 4.0.20
samba samba 4.0.19
samba samba 4.0.15
samba samba 4.1.4
samba samba 4.0.7
samba samba 4.0.23
samba samba 4.0.13
samba samba 4.1.15
samba samba 4.1.18
samba samba 4.1.19
samba samba 4.1.20
samba samba 4.2.4
samba samba 4.2.2
samba samba 4.0.1
samba samba 4.1.21
samba samba 4.1.7
CVE-2015-5252 MEDIUM

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 3.9 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 15.04
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
samba samba *
CVE-2015-5296 MEDIUM

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N 2.2 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 15.04
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
samba samba *
CVE-2015-5299 MEDIUM

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 15.04
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
samba samba *
CVE-2015-5330 MEDIUM

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 4.3.0
samba samba 4.0.5
samba samba 4.2.3
samba samba 4.2.1
samba samba 4.1.10
samba samba 4.1.11
samba samba 4.0.18
samba samba 4.1.8
samba samba 4.0.12
samba samba 4.1.16
samba samba 4.1.12
samba samba 4.0.0
samba samba 4.1.6
samba samba 4.2.0
samba samba 4.1.2
samba samba 4.0.21
samba samba 4.0.2
samba samba 4.0.22
samba samba 4.0.14
samba samba 4.0.4
samba samba 4.0.16
samba samba 4.2.5
samba samba 4.1.9
samba samba 4.1.13
samba samba 4.1.14
samba samba 4.1.1
samba samba 4.0.24
samba samba 4.0.6
samba samba 4.1.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.1.17
samba samba 4.0.11
samba samba 4.2.6
samba samba 4.3.2
samba samba 4.3.1
samba samba 4.0.3
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 4.0.20
samba samba 4.0.19
samba samba 4.0.15
samba samba 4.1.4
samba samba 4.0.7
samba samba 4.0.23
samba samba 4.0.13
samba samba 4.1.15
samba samba 4.1.18
samba samba 4.1.19
samba samba 4.1.20
samba samba 4.2.4
samba samba 4.2.2
samba samba 4.0.1
samba samba 4.1.21
samba samba 4.1.7
CVE-2015-5370 MEDIUM

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 4.3.0
canonical ubuntu_linux 16.04
samba samba 4.0.5
samba samba 4.2.3
samba samba 3.6.7
samba samba 4.2.1
samba samba 4.1.10
samba samba 4.1.8
samba samba 3.6.6
samba samba 4.1.12
samba samba 4.1.6
samba samba 4.2.0
samba samba 3.6.21
samba samba 4.0.25
samba samba 4.0.21
samba samba 4.0.2
samba samba 4.1.22
samba samba 3.6.18
samba samba 4.0.4
samba samba 3.6.17
samba samba 4.0.16
samba samba 3.6.5
samba samba 4.2.8
samba samba 4.1.9
samba samba 4.1.14
samba samba 4.0.24
samba samba 3.6.1
samba samba 4.1.23
samba samba 4.1.17
samba samba 4.2.6
canonical ubuntu_linux 15.10
samba samba 4.3.1
samba samba 3.6.8
samba samba 4.3.4
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 4.0.20
samba samba 4.0.19
samba samba 3.6.19
samba samba 4.1.4
samba samba 3.6.11
samba samba 4.0.7
samba samba 3.6.0
samba samba 4.0.23
samba samba 3.6.23
samba samba 4.0.13
samba samba 4.1.15
samba samba 4.2.7
samba samba 4.2.2
samba samba 3.6.2
samba samba 3.6.3
samba samba 3.6.25
samba samba 3.6.12
samba samba 4.2.9
samba samba 3.6.10
samba samba 4.1.11
samba samba 4.0.18
samba samba 3.6.4
samba samba 4.0.12
samba samba 3.6.22
samba samba 4.1.16
samba samba 4.0.0
samba samba 3.6.16
samba samba 3.6.14
samba samba 4.3.3
samba samba 4.1.2
samba samba 3.6.9
samba samba 4.0.22
samba samba 4.0.14
samba samba 4.2.5
samba samba 4.1.13
samba samba 4.1.1
samba samba 4.0.6
samba samba 4.1.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.0.11
canonical ubuntu_linux 14.04
samba samba 4.3.2
samba samba 4.0.3
samba samba 3.6.13
samba samba 3.6.15
samba samba 4.0.15
samba samba 3.6.20
samba samba 4.4.0
samba samba 4.0.26
samba samba 4.1.18
samba samba 4.1.19
samba samba 4.1.20
samba samba 4.2.4
samba samba 4.3.6
samba samba 4.0.1
samba samba 4.1.21
samba samba 3.6.24
samba samba 4.1.7
samba samba 4.3.5
CVE-2015-7540 MEDIUM

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 15.04
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
samba samba *
CVE-2015-7560 MEDIUM

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
samba samba 4.4.0
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
samba samba *
CVE-2015-8467 MEDIUM

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 15.04
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
samba samba *
CVE-2016-0771 MEDIUM

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 4.3.0
samba samba 4.0.5
samba samba 4.2.3
samba samba 4.2.1
samba samba 4.1.10
samba samba 4.1.11
samba samba 4.0.18
samba samba 4.1.8
samba samba 4.0.12
samba samba 4.1.16
samba samba 4.1.12
samba samba 4.0.0
samba samba 4.1.6
samba samba 4.2.0
samba samba 4.3.3
samba samba 4.1.2
samba samba 4.0.21
samba samba 4.0.2
samba samba 4.1.22
samba samba 4.0.22
samba samba 4.0.14
samba samba 4.0.4
samba samba 4.0.16
samba samba 4.2.5
samba samba 4.2.8
samba samba 4.1.9
samba samba 4.1.13
samba samba 4.1.14
samba samba 4.1.1
samba samba 4.0.24
samba samba 4.0.6
samba samba 4.1.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.1.17
samba samba 4.0.11
samba samba 4.2.6
samba samba 4.3.2
samba samba 4.3.1
samba samba 4.0.3
samba samba 4.3.4
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 4.0.20
samba samba 4.0.19
samba samba 4.0.15
samba samba 4.1.4
samba samba 4.0.7
samba samba 4.0.23
samba samba 4.0.13
samba samba 4.4.0
samba samba 4.1.15
samba samba 4.1.18
samba samba 4.1.19
samba samba 4.1.20
samba samba 4.2.7
samba samba 4.2.4
samba samba 4.2.2
samba samba 4.0.1
samba samba 4.1.21
samba samba 4.1.7
samba samba 4.3.5
CVE-2016-2110 MEDIUM

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
samba samba 3.0.14
samba samba 4.0.9
canonical ubuntu_linux 16.04
samba samba 3.5.17
samba samba 3.6.7
samba samba 4.2.1
samba samba 4.1.10
samba samba 3.5.0
samba samba 3.6.6
samba samba 3.5.18
samba samba 3.5.13
samba samba 4.1.6
samba samba 4.2.0
samba samba 3.3.4
samba samba 4.0.21
samba samba 4.0.2
samba samba 4.1.22
samba samba 3.0.26a
samba samba 4.0.4
samba samba 3.6.17
samba samba 3.0.3
samba samba 3.6.5
samba samba 4.2.8
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.4.14
samba samba 4.1.9
samba samba 4.1.14
samba samba 4.0.24
samba samba 4.1.23
canonical ubuntu_linux 15.10
samba samba 3.5.11
samba samba 3.0.2a
samba samba 3.0.9
samba samba 4.3.1
samba samba 3.0.12
samba samba 3.6.8
samba samba 4.3.4
samba samba 3.0.30
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 3.0.23d
samba samba 3.3.6
samba samba 4.0.19
samba samba 3.6.19
samba samba 4.1.4
samba samba 3.6.0
samba samba 4.0.23
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.25
samba samba 4.1.15
samba samba 3.0.23
samba samba 3.0.0
samba samba 4.2.2
samba samba 3.0.18
samba samba 3.5.8
samba samba 3.6.2
samba samba 3.4.13
samba samba 3.0.8
samba samba 3.5.6
samba samba 3.6.25
samba samba 4.2.9
samba samba 3.0.21b
samba samba 3.4.6
samba samba 4.1.11
samba samba 4.0.18
samba samba 3.0.25b
samba samba 3.6.22
samba samba 3.4.10
samba samba 3.4.17
samba samba 4.1.16
samba samba 3.4.0
samba samba 3.3.11
samba samba 3.6.14
samba samba 3.0.35
samba samba 3.2.0
samba samba 4.1.2
samba samba 3.5.16
samba samba 3.6.9
samba samba 3.2.6
samba samba 3.5.10
samba samba 4.0.14
samba samba 3.0.2
samba samba 4.2.5
samba samba 3.0.1
samba samba 4.1.13
samba samba 3.3.15
samba samba 4.1.3
samba samba 3.3.14
samba samba 4.3.2
samba samba 3.3.9
samba samba 4.0.3
samba samba 3.2.14
samba samba 3.5.5
samba samba 3.0.6
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.6.13
samba samba 3.5.14
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.2.12
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.12
samba samba 3.6.20
samba samba 3.3.10
samba samba 3.4.8
samba samba 4.4.0
samba samba 4.0.26
samba samba 3.0.23a
samba samba 4.1.18
samba samba 4.1.19
samba samba 3.2.5
samba samba 4.2.4
samba samba 3.3.1
samba samba 3.5.2
samba samba 3.0.25c
samba samba 4.3.6
samba samba 3.3.3
samba samba 4.1.21
samba samba 3.0.11
samba samba 3.5.20
samba samba 4.1.7
samba samba 4.3.5
samba samba 3.3.16
samba samba 4.3.0
samba samba 3.0.21
samba samba 4.0.5
samba samba 4.2.3
samba samba 3.2.15
samba samba 3.3.13
samba samba 3.4.12
samba samba 4.1.8
samba samba 3.5.21
samba samba 3.5.15
samba samba 4.1.12
samba samba 3.0.13
samba samba 3.6.21
samba samba 3.4.4
samba samba 4.0.25
samba samba 3.6.18
samba samba 4.0.16
samba samba 3.0.23b
samba samba 3.5.22
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.6.1
samba samba 3.5.12
samba samba 3.3.8
samba samba 4.1.17
samba samba 4.2.6
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.24
samba samba 3.4.11
samba samba 3.0.26
samba samba 3.4.7
samba samba 4.0.20
samba samba 3.6.11
samba samba 4.0.7
samba samba 3.0.17
samba samba 3.6.23
samba samba 4.0.13
samba samba 3.0.7
samba samba 3.4.9
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 4.2.7
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.3.2
samba samba 3.6.3
samba samba 3.0.31
samba samba 3.5.7
samba samba 3.0.14a
samba samba 3.0.20b
samba samba 3.6.12
samba samba 3.5.1
samba samba 3.5.4
samba samba 3.2.1
samba samba 3.6.10
samba samba 3.2.11
samba samba 3.6.4
samba samba 4.0.12
samba samba 3.4.15
samba samba 4.0.0
samba samba 3.6.16
samba samba 3.0.21a
samba samba 4.3.3
samba samba 3.4.16
samba samba 3.4.1
samba samba 4.0.22
samba samba 3.0.27
samba samba 3.2.4
samba samba 3.2.2
samba samba 4.1.1
samba samba 4.0.6
samba samba 3.5.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.0.11
samba samba 3.5.19
canonical ubuntu_linux 14.04
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.6.15
samba samba 3.0.33
samba samba 3.5.9
samba samba 4.0.15
samba samba 3.2.8
samba samba 3.4.3
samba samba 4.1.20
samba samba 3.2.13
samba samba 3.0.16
samba samba 4.0.1
samba samba 3.6.24
samba samba 3.0.28
CVE-2016-2111 MEDIUM

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
samba samba 3.0.14
samba samba 4.0.9
canonical ubuntu_linux 16.04
samba samba 3.5.17
samba samba 3.6.7
samba samba 4.2.1
samba samba 4.1.10
samba samba 3.5.0
samba samba 3.6.6
samba samba 3.5.18
samba samba 3.5.13
samba samba 4.1.6
samba samba 4.2.0
samba samba 3.3.4
samba samba 4.0.21
samba samba 4.0.2
samba samba 4.1.22
samba samba 3.0.26a
samba samba 4.0.4
samba samba 3.6.17
samba samba 3.0.3
samba samba 3.6.5
samba samba 4.2.8
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.4.14
samba samba 4.1.9
samba samba 4.1.14
samba samba 4.0.24
samba samba 4.1.23
canonical ubuntu_linux 15.10
samba samba 3.5.11
samba samba 3.0.2a
samba samba 3.0.9
samba samba 4.3.1
samba samba 3.0.12
samba samba 3.6.8
samba samba 4.3.4
samba samba 3.0.30
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 3.0.23d
samba samba 3.3.6
samba samba 4.0.19
samba samba 3.6.19
samba samba 4.1.4
samba samba 3.6.0
samba samba 4.0.23
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.25
samba samba 4.1.15
samba samba 3.0.23
samba samba 3.0.0
samba samba 4.2.2
samba samba 3.0.18
samba samba 3.5.8
samba samba 3.6.2
samba samba 3.4.13
samba samba 3.0.8
samba samba 3.5.6
samba samba 3.6.25
samba samba 4.2.9
samba samba 3.0.21b
samba samba 3.4.6
samba samba 4.1.11
samba samba 4.0.18
samba samba 3.0.25b
samba samba 3.6.22
samba samba 3.4.10
samba samba 3.4.17
samba samba 4.1.16
samba samba 3.4.0
samba samba 3.3.11
samba samba 3.6.14
samba samba 3.0.35
samba samba 3.2.0
samba samba 4.1.2
samba samba 3.5.16
samba samba 3.6.9
samba samba 3.2.6
samba samba 3.5.10
samba samba 4.0.14
samba samba 3.0.2
samba samba 4.2.5
samba samba 3.0.1
samba samba 4.1.13
samba samba 3.3.15
samba samba 4.1.3
samba samba 3.3.14
samba samba 4.3.2
samba samba 3.3.9
samba samba 4.0.3
samba samba 3.2.14
samba samba 3.5.5
samba samba 3.0.6
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.6.13
samba samba 3.5.14
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.2.12
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.12
samba samba 3.6.20
samba samba 3.3.10
samba samba 3.4.8
samba samba 4.4.0
samba samba 4.0.26
samba samba 3.0.23a
samba samba 4.1.18
samba samba 4.1.19
samba samba 3.2.5
samba samba 4.2.4
samba samba 3.3.1
samba samba 3.5.2
samba samba 3.0.25c
samba samba 4.3.6
samba samba 3.3.3
samba samba 4.1.21
samba samba 3.0.11
samba samba 3.5.20
samba samba 4.1.7
samba samba 4.3.5
samba samba 3.3.16
samba samba 4.3.0
samba samba 3.0.21
samba samba 4.0.5
samba samba 4.2.3
samba samba 3.2.15
samba samba 3.3.13
samba samba 3.4.12
samba samba 4.1.8
samba samba 3.5.21
samba samba 3.5.15
samba samba 4.1.12
samba samba 3.0.13
samba samba 3.6.21
samba samba 3.4.4
samba samba 4.0.25
samba samba 3.6.18
samba samba 4.0.16
samba samba 3.0.23b
samba samba 3.5.22
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.6.1
samba samba 3.5.12
samba samba 3.3.8
samba samba 4.1.17
samba samba 4.2.6
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.24
samba samba 3.4.11
samba samba 3.0.26
samba samba 3.4.7
samba samba 4.0.20
samba samba 3.6.11
samba samba 4.0.7
samba samba 3.0.17
samba samba 3.6.23
samba samba 4.0.13
samba samba 3.0.7
samba samba 3.4.9
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 4.2.7
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.3.2
samba samba 3.6.3
samba samba 3.0.31
samba samba 3.5.7
samba samba 3.0.14a
samba samba 3.0.20b
samba samba 3.6.12
samba samba 3.5.1
samba samba 3.5.4
samba samba 3.2.1
samba samba 3.6.10
samba samba 3.2.11
samba samba 3.6.4
samba samba 4.0.12
samba samba 3.4.15
samba samba 4.0.0
samba samba 3.6.16
samba samba 3.0.21a
samba samba 4.3.3
samba samba 3.4.16
samba samba 3.4.1
samba samba 4.0.22
samba samba 3.0.27
samba samba 3.2.4
samba samba 3.2.2
samba samba 4.1.1
samba samba 4.0.6
samba samba 3.5.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.0.11
samba samba 3.5.19
canonical ubuntu_linux 14.04
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.6.15
samba samba 3.0.33
samba samba 3.5.9
samba samba 4.0.15
samba samba 3.2.8
samba samba 3.4.3
samba samba 4.1.20
samba samba 3.2.13
samba samba 3.0.16
samba samba 4.0.1
samba samba 3.6.24
samba samba 3.0.28
CVE-2016-2112 MEDIUM

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
samba samba 3.0.14
samba samba 4.0.9
canonical ubuntu_linux 16.04
samba samba 3.5.17
samba samba 3.6.7
samba samba 4.2.1
samba samba 4.1.10
samba samba 3.5.0
samba samba 3.6.6
samba samba 3.5.18
samba samba 3.5.13
samba samba 4.1.6
samba samba 4.2.0
samba samba 3.3.4
samba samba 4.0.21
samba samba 4.0.2
samba samba 4.1.22
samba samba 3.0.26a
samba samba 4.0.4
samba samba 3.6.17
samba samba 3.0.3
samba samba 3.6.5
samba samba 4.2.8
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.4.14
samba samba 4.1.9
samba samba 4.1.14
samba samba 4.0.24
samba samba 4.1.23
canonical ubuntu_linux 15.10
samba samba 3.5.11
samba samba 3.0.2a
samba samba 3.0.9
samba samba 4.3.1
samba samba 3.0.12
samba samba 3.6.8
samba samba 4.3.4
samba samba 3.0.30
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 3.0.23d
samba samba 3.3.6
samba samba 4.0.19
samba samba 3.6.19
samba samba 4.1.4
samba samba 3.6.0
samba samba 4.0.23
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.25
samba samba 4.1.15
samba samba 3.0.23
samba samba 3.0.0
samba samba 4.2.2
samba samba 3.0.18
samba samba 3.5.8
samba samba 3.6.2
samba samba 3.4.13
samba samba 3.0.8
samba samba 3.5.6
samba samba 3.6.25
samba samba 4.2.9
samba samba 3.0.21b
samba samba 3.4.6
samba samba 4.1.11
samba samba 4.0.18
samba samba 3.0.25b
samba samba 3.6.22
samba samba 3.4.10
samba samba 3.4.17
samba samba 4.1.16
samba samba 3.4.0
samba samba 3.3.11
samba samba 3.6.14
samba samba 3.0.35
samba samba 3.2.0
samba samba 4.1.2
samba samba 3.5.16
samba samba 3.6.9
samba samba 3.2.6
samba samba 3.5.10
samba samba 4.0.14
samba samba 3.0.2
samba samba 4.2.5
samba samba 3.0.1
samba samba 4.1.13
samba samba 3.3.15
samba samba 4.1.3
samba samba 3.3.14
samba samba 4.3.2
samba samba 3.3.9
samba samba 4.0.3
samba samba 3.2.14
samba samba 3.5.5
samba samba 3.0.6
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.6.13
samba samba 3.5.14
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.2.12
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.12
samba samba 3.6.20
samba samba 3.3.10
samba samba 3.4.8
samba samba 4.4.0
samba samba 4.0.26
samba samba 3.0.23a
samba samba 4.1.18
samba samba 4.1.19
samba samba 3.2.5
samba samba 4.2.4
samba samba 3.3.1
samba samba 3.5.2
samba samba 3.0.25c
samba samba 4.3.6
samba samba 3.3.3
samba samba 4.1.21
samba samba 3.0.11
samba samba 3.5.20
samba samba 4.1.7
samba samba 4.3.5
samba samba 3.3.16
samba samba 4.3.0
samba samba 3.0.21
samba samba 4.0.5
samba samba 4.2.3
samba samba 3.2.15
samba samba 3.3.13
samba samba 3.4.12
samba samba 4.1.8
samba samba 3.5.21
samba samba 3.5.15
samba samba 4.1.12
samba samba 3.0.13
samba samba 3.6.21
samba samba 3.4.4
samba samba 4.0.25
samba samba 3.6.18
samba samba 4.0.16
samba samba 3.0.23b
samba samba 3.5.22
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.6.1
samba samba 3.5.12
samba samba 3.3.8
samba samba 4.1.17
samba samba 4.2.6
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.24
samba samba 3.4.11
samba samba 3.0.26
samba samba 3.4.7
samba samba 4.0.20
samba samba 3.6.11
samba samba 4.0.7
samba samba 3.0.17
samba samba 3.6.23
samba samba 4.0.13
samba samba 3.0.7
samba samba 3.4.9
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 4.2.7
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.3.2
samba samba 3.6.3
samba samba 3.0.31
samba samba 3.5.7
samba samba 3.0.14a
samba samba 3.0.20b
samba samba 3.6.12
samba samba 3.5.1
samba samba 3.5.4
samba samba 3.2.1
samba samba 3.6.10
samba samba 3.2.11
samba samba 3.6.4
samba samba 4.0.12
samba samba 3.4.15
samba samba 4.0.0
samba samba 3.6.16
samba samba 3.0.21a
samba samba 4.3.3
samba samba 3.4.16
samba samba 3.4.1
samba samba 4.0.22
samba samba 3.0.27
samba samba 3.2.4
samba samba 3.2.2
samba samba 4.1.1
samba samba 4.0.6
samba samba 3.5.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.0.11
samba samba 3.5.19
canonical ubuntu_linux 14.04
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.6.15
samba samba 3.0.33
samba samba 3.5.9
samba samba 4.0.15
samba samba 3.2.8
samba samba 3.4.3
samba samba 4.1.20
samba samba 3.2.13
samba samba 3.0.16
samba samba 4.0.1
samba samba 3.6.24
samba samba 3.0.28
CVE-2016-2113 MEDIUM

Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 4.3.0
canonical ubuntu_linux 16.04
samba samba 4.2.9
samba samba 4.0.5
samba samba 4.2.3
samba samba 4.2.1
samba samba 4.1.10
samba samba 4.1.11
samba samba 4.0.18
samba samba 4.1.8
samba samba 4.0.12
samba samba 4.1.16
samba samba 4.1.12
samba samba 4.0.0
samba samba 4.1.6
samba samba 4.2.0
samba samba 4.3.3
samba samba 4.1.2
samba samba 4.0.25
samba samba 4.0.21
samba samba 4.0.2
samba samba 4.1.22
samba samba 4.0.22
samba samba 4.0.14
samba samba 4.0.4
samba samba 4.0.16
samba samba 4.2.5
samba samba 4.2.8
samba samba 4.1.9
samba samba 4.1.13
samba samba 4.1.14
samba samba 4.1.1
samba samba 4.0.24
samba samba 4.0.6
samba samba 4.1.3
samba samba 4.1.23
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.1.17
samba samba 4.0.11
samba samba 4.2.6
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
samba samba 4.3.2
samba samba 4.3.1
samba samba 4.0.3
samba samba 4.3.4
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 4.0.20
samba samba 4.0.19
samba samba 4.0.15
samba samba 4.1.4
samba samba 4.0.7
samba samba 4.0.23
samba samba 4.0.13
samba samba 4.4.0
samba samba 4.0.26
samba samba 4.1.15
samba samba 4.1.18
samba samba 4.1.19
samba samba 4.1.20
samba samba 4.2.7
samba samba 4.2.4
samba samba 4.3.6
samba samba 4.2.2
samba samba 4.0.1
samba samba 4.1.21
samba samba 4.1.7
samba samba 4.3.5
CVE-2016-2114 MEDIUM

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
samba samba 4.0.9
samba samba 4.3.0
canonical ubuntu_linux 16.04
samba samba 4.2.9
samba samba 4.0.5
samba samba 4.2.3
samba samba 4.2.1
samba samba 4.1.10
samba samba 4.1.11
samba samba 4.0.18
samba samba 4.1.8
samba samba 4.0.12
samba samba 4.1.16
samba samba 4.1.12
samba samba 4.0.0
samba samba 4.1.6
samba samba 4.2.0
samba samba 4.3.3
samba samba 4.1.2
samba samba 4.0.25
samba samba 4.0.21
samba samba 4.0.2
samba samba 4.1.22
samba samba 4.0.22
samba samba 4.0.14
samba samba 4.0.4
samba samba 4.0.16
samba samba 4.2.5
samba samba 4.2.8
samba samba 4.1.9
samba samba 4.1.13
samba samba 4.1.14
samba samba 4.1.1
samba samba 4.0.24
samba samba 4.0.6
samba samba 4.1.3
samba samba 4.1.23
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.1.17
samba samba 4.0.11
samba samba 4.2.6
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
samba samba 4.3.2
samba samba 4.3.1
samba samba 4.0.3
samba samba 4.3.4
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 4.0.20
samba samba 4.0.19
samba samba 4.0.15
samba samba 4.1.4
samba samba 4.0.7
samba samba 4.0.23
samba samba 4.0.13
samba samba 4.4.0
samba samba 4.0.26
samba samba 4.1.15
samba samba 4.1.18
samba samba 4.1.19
samba samba 4.1.20
samba samba 4.2.7
samba samba 4.2.4
samba samba 4.3.6
samba samba 4.2.2
samba samba 4.0.1
samba samba 4.1.21
samba samba 4.1.7
samba samba 4.3.5
CVE-2016-2115 MEDIUM

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
samba samba 3.0.14
samba samba 4.0.9
canonical ubuntu_linux 16.04
samba samba 3.5.17
samba samba 3.6.7
samba samba 4.2.1
samba samba 4.1.10
samba samba 3.5.0
samba samba 3.6.6
samba samba 3.5.18
samba samba 3.5.13
samba samba 4.1.6
samba samba 4.2.0
samba samba 3.3.4
samba samba 4.0.21
samba samba 4.0.2
samba samba 4.1.22
samba samba 3.0.26a
samba samba 4.0.4
samba samba 3.6.17
samba samba 3.0.3
samba samba 3.6.5
samba samba 4.2.8
samba samba 3.0.20a
samba samba 3.0.29
samba samba 3.0.34
samba samba 3.4.14
samba samba 4.1.9
samba samba 4.1.14
samba samba 4.0.24
samba samba 4.1.23
canonical ubuntu_linux 15.10
samba samba 3.5.11
samba samba 3.0.2a
samba samba 3.0.9
samba samba 4.3.1
samba samba 3.0.12
samba samba 3.6.8
samba samba 4.3.4
samba samba 3.0.30
samba samba 4.1.0
samba samba 4.0.8
samba samba 4.0.10
samba samba 3.0.23d
samba samba 3.3.6
samba samba 4.0.19
samba samba 3.6.19
samba samba 4.1.4
samba samba 3.6.0
samba samba 4.0.23
samba samba 3.0.36
samba samba 3.0.37
samba samba 3.0.25
samba samba 4.1.15
samba samba 3.0.23
samba samba 3.0.0
samba samba 4.2.2
samba samba 3.0.18
samba samba 3.5.8
samba samba 3.6.2
samba samba 3.4.13
samba samba 3.0.8
samba samba 3.5.6
samba samba 3.6.25
samba samba 4.2.9
samba samba 3.0.21b
samba samba 3.4.6
samba samba 4.1.11
samba samba 4.0.18
samba samba 3.0.25b
samba samba 3.6.22
samba samba 3.4.10
samba samba 3.4.17
samba samba 4.1.16
samba samba 3.4.0
samba samba 3.3.11
samba samba 3.6.14
samba samba 3.0.35
samba samba 3.2.0
samba samba 4.1.2
samba samba 3.5.16
samba samba 3.6.9
samba samba 3.2.6
samba samba 3.5.10
samba samba 4.0.14
samba samba 3.0.2
samba samba 4.2.5
samba samba 3.0.1
samba samba 4.1.13
samba samba 3.3.15
samba samba 4.1.3
samba samba 3.3.14
samba samba 4.3.2
samba samba 3.3.9
samba samba 4.0.3
samba samba 3.2.14
samba samba 3.5.5
samba samba 3.0.6
samba samba 3.2.7
samba samba 3.0.20
samba samba 3.4.5
samba samba 3.6.13
samba samba 3.5.14
samba samba 3.0.22
samba samba 3.0.19
samba samba 3.2.9
samba samba 3.2.12
samba samba 3.0.5
samba samba 3.2.3
samba samba 3.3.12
samba samba 3.6.20
samba samba 3.3.10
samba samba 3.4.8
samba samba 4.4.0
samba samba 4.0.26
samba samba 3.0.23a
samba samba 4.1.18
samba samba 4.1.19
samba samba 3.2.5
samba samba 4.2.4
samba samba 3.3.1
samba samba 3.5.2
samba samba 3.0.25c
samba samba 4.3.6
samba samba 3.3.3
samba samba 4.1.21
samba samba 3.0.11
samba samba 3.5.20
samba samba 4.1.7
samba samba 4.3.5
samba samba 3.3.16
samba samba 4.3.0
samba samba 3.0.21
samba samba 4.0.5
samba samba 4.2.3
samba samba 3.2.15
samba samba 3.3.13
samba samba 3.4.12
samba samba 4.1.8
samba samba 3.5.21
samba samba 3.5.15
samba samba 4.1.12
samba samba 3.0.13
samba samba 3.6.21
samba samba 3.4.4
samba samba 4.0.25
samba samba 3.6.18
samba samba 4.0.16
samba samba 3.0.23b
samba samba 3.5.22
samba samba 3.0.15
samba samba 3.3.0
samba samba 3.6.1
samba samba 3.5.12
samba samba 3.3.8
samba samba 4.1.17
samba samba 4.2.6
samba samba 3.4.2
samba samba 3.0.23c
samba samba 3.3.5
samba samba 3.0.24
samba samba 3.4.11
samba samba 3.0.26
samba samba 3.4.7
samba samba 4.0.20
samba samba 3.6.11
samba samba 4.0.7
samba samba 3.0.17
samba samba 3.6.23
samba samba 4.0.13
samba samba 3.0.7
samba samba 3.4.9
samba samba 3.0.21c
samba samba 3.2.10
samba samba 3.0.10
samba samba 4.2.7
samba samba 3.0.32
samba samba 3.0.4
samba samba 3.3.2
samba samba 3.6.3
samba samba 3.0.31
samba samba 3.5.7
samba samba 3.0.14a
samba samba 3.0.20b
samba samba 3.6.12
samba samba 3.5.1
samba samba 3.5.4
samba samba 3.2.1
samba samba 3.6.10
samba samba 3.2.11
samba samba 3.6.4
samba samba 4.0.12
samba samba 3.4.15
samba samba 4.0.0
samba samba 3.6.16
samba samba 3.0.21a
samba samba 4.3.3
samba samba 3.4.16
samba samba 3.4.1
samba samba 4.0.22
samba samba 3.0.27
samba samba 3.2.4
samba samba 3.2.2
samba samba 4.1.1
samba samba 4.0.6
samba samba 3.5.3
samba samba 4.1.5
samba samba 4.0.17
samba samba 4.0.11
samba samba 3.5.19
canonical ubuntu_linux 14.04
samba samba 3.3.7
samba samba 3.0.25a
samba samba 3.6.15
samba samba 3.0.33
samba samba 3.5.9
samba samba 4.0.15
samba samba 3.2.8
samba samba 3.4.3
samba samba 4.1.20
samba samba 3.2.13
samba samba 3.0.16
samba samba 4.0.1
samba samba 3.6.24
samba samba 3.0.28
CVE-2016-2118 MEDIUM

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 16.04
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
samba samba *
CVE-2016-2119 MEDIUM

libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
samba samba *
CVE-2016-2123 MEDIUM

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-119,

Products Affected

Vendor Product Version
samba samba *
CVE-2016-2124 MEDIUM

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
debian debian_linux 10.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
redhat gluster_storage 3.0
redhat enterprise_linux_eus 8.4
canonical ubuntu_linux 20.04
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_tus 8.2
fedoraproject fedora 34
fedoraproject fedora 35
samba samba *
canonical ubuntu_linux 21.04
redhat openstack 16.2
redhat codeready_linux_builder -
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat virtualization_host 4.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.4
canonical ubuntu_linux 21.10
redhat enterprise_linux 7.0
redhat openstack 13
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_for_scientific_computing 7.0
redhat openstack 16.1
fedoraproject fedora 33
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat gluster_storage 3.5
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
redhat enterprise_linux_resilient_storage 7.0
CVE-2016-2125 LOW

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
redhat gluster_storage 3.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
samba samba *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_eus 7.4
CVE-2016-2126 MEDIUM

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
samba samba *
CVE-2017-11103 MEDIUM

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apple iphone_os *
apple mac_os_x *
debian debian_linux 9.0
heimdal_project heimdal *
debian debian_linux 8.0
freebsd freebsd -
samba samba *
CVE-2017-12150 MEDIUM

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 7.0
redhat gluster_storage 3.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
debian debian_linux 9.0
redhat enterprise_linux_server 6.0
debian debian_linux 8.0
samba samba *
CVE-2017-12151 MEDIUM

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300,CWE-310,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
hp cifs_server b.04.05.11.00
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux 7.0
debian debian_linux 8.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.4
samba samba *
CVE-2017-12163 MEDIUM

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 7.0
redhat gluster_storage 3.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
debian debian_linux 9.0
redhat enterprise_linux_server 6.0
debian debian_linux 8.0
samba samba *
CVE-2017-14746 HIGH

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 17.04
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 6.0
debian debian_linux 8.0
samba samba *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
debian debian_linux 9.0
CVE-2017-15275 MEDIUM

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 17.04
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 6.0
debian debian_linux 8.0
samba samba *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
debian debian_linux 9.0
CVE-2017-15994 HIGH

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-354,

Products Affected

Vendor Product Version
samba rsync *
CVE-2017-16548 HIGH

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 16.04
debian debian_linux 7.0
debian debian_linux 9.0
samba rsync *
debian debian_linux 8.0
canonical ubuntu_linux 12.04
CVE-2017-17433 MEDIUM

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
samba rsync 3.1.2
debian debian_linux 7.0
debian debian_linux 9.0
debian debian_linux 8.0
CVE-2017-17434 HIGH

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
samba rsync *
debian debian_linux 8.0
CVE-2017-2619 MEDIUM

Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-59,CWE-362,

Products Affected

Vendor Product Version
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
debian debian_linux 8.0
samba samba *
CVE-2017-7494 HIGH

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
debian debian_linux 8.0
samba samba *
CVE-2017-9461 MEDIUM

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.6
samba samba 4.5.5
redhat enterprise_linux_server_aus 7.6
samba samba 4.5.2
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
samba samba 4.5.1
redhat enterprise_linux_server_eus 7.5
samba samba 4.5.3
samba samba 4.5.0
debian debian_linux 8.0
samba samba *
samba samba 4.5.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.4
CVE-2018-1050 LOW

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
redhat enterprise_linux_server 6.0
debian debian_linux 8.0
samba samba *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
debian debian_linux 9.0
canonical ubuntu_linux 12.04
CVE-2018-1057 MEDIUM

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 16.04
debian debian_linux 8.0
samba samba *
CVE-2018-10858 MEDIUM

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
redhat virtualization 4.0
debian debian_linux 9.0
canonical ubuntu_linux 18.04
redhat virtualization_host 4.0
samba samba *
CVE-2018-10918 MEDIUM

A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
samba samba *
CVE-2018-10919 MEDIUM

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,CWE-200,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 18.04
samba samba *
CVE-2018-1139 MEDIUM

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-522,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.04
samba samba *
CVE-2018-1140 LOW

A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
samba samba *
CVE-2018-14628

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

Products Affected

Vendor Product Version
fedoraproject fedora 37
samba samba *
CVE-2018-14629 MEDIUM

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-835,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.10
debian debian_linux 9.0
canonical ubuntu_linux 18.04
debian debian_linux 8.0
canonical ubuntu_linux 12.04
samba samba *
CVE-2018-16841 MEDIUM

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-415,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.10
debian debian_linux 9.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 12.04
samba samba *
CVE-2018-16851 MEDIUM

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.10
debian debian_linux 9.0
canonical ubuntu_linux 18.04
debian debian_linux 8.0
canonical ubuntu_linux 12.04
samba samba *
CVE-2018-16852 LOW

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
samba samba *
CVE-2018-16853 MEDIUM

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
samba samba *
CVE-2018-16857 MEDIUM

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358,CWE-358,

Products Affected

Vendor Product Version
samba samba *
CVE-2018-16860 MEDIUM

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358,CWE-358,

Products Affected

Vendor Product Version
heimdal_project heimdal *
samba samba *
CVE-2018-5764 MEDIUM

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 16.04
debian debian_linux 7.0
debian debian_linux 9.0
samba rsync *
debian debian_linux 8.0
CVE-2019-10197 MEDIUM

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
debian debian_linux 10.0
samba samba 4.9.0
samba samba 4.10.0
canonical ubuntu_linux 19.04
samba samba 4.11.0
samba samba *
CVE-2019-10218 MEDIUM

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
fedoraproject fedora 31
fedoraproject fedora 29
samba samba *
CVE-2019-12435 MEDIUM

Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
samba samba *
CVE-2019-12436 MEDIUM

Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
samba samba *
CVE-2019-14833 MEDIUM

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-305,CWE-521,

Products Affected

Vendor Product Version
fedoraproject fedora 31
fedoraproject fedora 29
opensuse leap 15.0
fedoraproject fedora 30
samba samba *
CVE-2019-14847 MEDIUM

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 29
opensuse leap 15.0
fedoraproject fedora 30
samba samba *
CVE-2019-14861 LOW

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
fedoraproject fedora 31
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
opensuse leap 15.1
canonical ubuntu_linux 19.04
fedoraproject fedora 30
samba samba *
CVE-2019-14870 MEDIUM

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-287,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
debian debian_linux 10.0
fedoraproject fedora 31
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
opensuse leap 15.1
canonical ubuntu_linux 19.04
fedoraproject fedora 30
samba samba *
CVE-2019-14902 MEDIUM

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
opensuse leap 15.1
canonical ubuntu_linux 19.04
samba samba *
CVE-2019-14907 LOW

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 31
canonical ubuntu_linux 16.04
redhat enterprise_linux 7.0
canonical ubuntu_linux 19.10
canonical ubuntu_linux 19.04
synology skynas -
fedoraproject fedora 30
samba samba *
synology directory_server -
synology router_manager 1.2
redhat storage 3.0
redhat enterprise_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 18.04
synology diskstation_manager 6.2
CVE-2019-19344 MEDIUM

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
synology directory_server -
synology router_manager 1.2
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
opensuse leap 15.1
canonical ubuntu_linux 19.04
synology skynas -
synology diskstation_manager 6.2
samba samba *
CVE-2019-3800 LOW

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-200,

Products Affected

Vendor Product Version
pivotal cloud_foundry_log_cache_release *
pivotal cloud_foundry_event_alerts *
pivotal cloud_foundry_command_line_interface_release *
appdynamics platform_montioring *
datastax enterprise_service_broker *
cyberark conjur_service_broker *
pivotal cloud_foundry_deployment *
pivotal cloud_foundry_autoscaling_release *
pivotal cloud_foundry_deployment_concourse_tasks *
pivotal cloud_foundry_healthwatch *
newrelic dotnet_extension_buildpack *
anynines rabbitmq *
newrelic nozzle *
wavefront wavefront_by_vmware_nozzle *
pivotal single_sign-on *
anynines redis *
pivotal pivotal_cloud_foundry_service_broker *
pivotal credhub_service_broker_for_pcf *
solace pubsub+ *
forgerock service_broker *
splunk nozzle *
pagerduty service_broker *
anynines logme *
pivotal application_service *
pivotal metric_registrar_release *
newrelic service_broker *
signalsciences service_broker *
pivotal on_demand_service_broker *
contrastsecurity service_broker *
appdynamics application_performance_monitoring *
yugabyte db_enterprise *
riverbed steelcentral_appinternals *
microsoft azure_log_analytics_nozzle *
samba volume_service *
appdynamics application_analytics *
bluemedora nozzle *
pivotal cloud_foundry_networking_release *
anynines elasticsearch *
synopsys seeker_iast_service_broker *
pivotal cloud_foundry_smoke_test *
dynatrace service_broker *
google google_cloud_platform_service_broker *
sumologic nozzle *
anynines mongodb *
microsoft azure_service_broker *
anynines postgresql *
pivotal cloud_foundry_notifications *
datadoghq application_monitoring *
snyk service_broker *
apigee edge_service_broker *
tibco businessworks_buildpack *
anynines mysql *
ibm websphere_liberty_ *
pivotal cloud_foundry_routing_release *
pivotal cloud_foundry_command_line_interface *
CVE-2019-3824 MEDIUM

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
debian debian_linux 8.0
samba samba *
CVE-2019-3870 LOW

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
synology diskstation_manager 6.1
synology directory_server -
synology router_manager 1.2
fedoraproject fedora 29
synology vs960hd_firmware *
synology diskstation_manager 5.2
synology skynas_firmware -
fedoraproject fedora 30
synology diskstation_manager 6.2
samba samba *
CVE-2019-3880 MEDIUM

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
fedoraproject fedora 29
redhat gluster_storage 3.0
fedoraproject fedora 28
redhat enterprise_linux 7.0
debian debian_linux 8.0
fedoraproject fedora 30
samba samba *
opensuse leap 42.3
CVE-2020-10700 LOW

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.6 3.6
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 31
fedoraproject fedora 32
opensuse leap 15.2
fedoraproject fedora 30
samba samba *
CVE-2020-10704 MEDIUM

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,CWE-674,

Products Affected

Vendor Product Version
fedoraproject fedora 31
debian debian_linux 9.0
opensuse leap 15.2
fedoraproject fedora 30
samba samba *
CVE-2020-10730 MEDIUM

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 10.0
fedoraproject fedora 31
redhat storage 3.0
debian debian_linux 9.0
opensuse leap 15.2
opensuse leap 15.1
samba samba *
CVE-2020-10745 HIGH

A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
fedoraproject fedora 31
debian debian_linux 9.0
opensuse leap 15.2
opensuse leap 15.1
samba samba *
CVE-2020-10760 MEDIUM

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 31
canonical ubuntu_linux 20.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
opensuse leap 15.2
opensuse leap 15.1
samba samba *
CVE-2020-14303 MEDIUM

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-834,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
fedoraproject fedora 31
canonical ubuntu_linux 16.04
canonical ubuntu_linux 20.04
debian debian_linux 9.0
canonical ubuntu_linux 18.04
opensuse leap 15.2
opensuse leap 15.1
canonical ubuntu_linux 12.04
samba samba *
CVE-2020-14318 MEDIUM

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-266,CWE-269,

Products Affected

Vendor Product Version
redhat storage 3.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
samba samba *
CVE-2020-14323 LOW

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-170,CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 32
fedoraproject fedora 33
debian debian_linux 9.0
opensuse leap 15.2
opensuse leap 15.1
samba samba *
CVE-2020-14342 MEDIUM

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,CWE-78,

Products Affected

Vendor Product Version
samba cifs-utils *
fedoraproject fedora 32
fedoraproject fedora 33
opensuse leap 15.1
CVE-2020-14383 MEDIUM

A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-391,NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
samba samba *
CVE-2020-14387 MEDIUM

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-297,

Products Affected

Vendor Product Version
samba rsync 3.2.0
samba rsync *
CVE-2020-1472 HIGH

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
secure@microsoft.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
fedoraproject fedora 31
microsoft windows_server_2019 -
canonical ubuntu_linux 16.04
microsoft windows_server_2012 r2
canonical ubuntu_linux 20.04
opensuse leap 15.1
microsoft windows_server_2016 1909
microsoft windows_server_1909 *
samba samba *
microsoft windows_server_1903 *
synology directory_server *
fedoraproject fedora 32
debian debian_linux 9.0
canonical ubuntu_linux 18.04
opensuse leap 15.2
microsoft windows_server_2008 r2
microsoft windows_server_2016 2004
microsoft windows_server_20h2 -
microsoft windows_server_2016 -
microsoft windows_server_2012 -
microsoft windows_server_2016 1903
microsoft windows_server_2004 -
oracle zfs_storage_appliance_kit 8.8
fedoraproject fedora 33
CVE-2020-17049 HIGH

A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
secure@microsoft.com 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
microsoft windows_server_2016 2004
microsoft windows_server_2019 -
microsoft windows_server_2012 *
microsoft windows_server_2016 20h2
microsoft windows_server_2012 r2
microsoft windows_server_2016 -
microsoft windows_server_2016 1909
microsoft windows_server_2016 1903
samba samba *
CVE-2020-25717 HIGH

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 10.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
redhat gluster_storage 3.0
redhat enterprise_linux_eus 8.4
canonical ubuntu_linux 20.04
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_tus 8.2
fedoraproject fedora 34
fedoraproject fedora 35
samba samba *
canonical ubuntu_linux 21.04
redhat openstack 16.2
redhat codeready_linux_builder -
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat virtualization_host 4.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat virtualization 4.0
canonical ubuntu_linux 21.10
redhat enterprise_linux 7.0
redhat openstack 13
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_for_scientific_computing 7.0
redhat openstack 16.1
fedoraproject fedora 33
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat gluster_storage 3.5
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
redhat enterprise_linux_resilient_storage 7.0
CVE-2020-25718 MEDIUM

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,CWE-862,

Products Affected

Vendor Product Version
fedoraproject fedora 35
samba samba *
CVE-2020-25719 HIGH

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-362,

Products Affected

Vendor Product Version
debian debian_linux 10.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 8.4
canonical ubuntu_linux 20.04
redhat enterprise_linux_server_aus 8.2
fedoraproject fedora 34
redhat enterprise_linux_server_tus 8.2
fedoraproject fedora 35
samba samba *
canonical ubuntu_linux 21.04
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux 8.0
debian debian_linux 9.0
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.4
canonical ubuntu_linux 21.10
redhat enterprise_linux 7.0
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_for_scientific_computing 7.0
fedoraproject fedora 33
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
CVE-2020-25721 MEDIUM

Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
samba samba *
CVE-2020-25722 MEDIUM

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
debian debian_linux 10.0
fedoraproject fedora 33
canonical ubuntu_linux 20.04
canonical ubuntu_linux 21.10
debian debian_linux 9.0
canonical ubuntu_linux 18.04
fedoraproject fedora 34
fedoraproject fedora 35
samba samba *
canonical ubuntu_linux 21.04
CVE-2020-27840 MEDIUM

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 10.0
fedoraproject fedora 32
fedoraproject fedora 33
debian debian_linux 9.0
fedoraproject fedora 34
samba samba *
CVE-2021-20208 MEDIUM

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N 0.8 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-266,CWE-269,

Products Affected

Vendor Product Version
samba cifs-utils *
fedoraproject fedora 33
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
fedoraproject fedora 34
fedoraproject fedora 35
CVE-2021-20251

A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 37
samba samba *
CVE-2021-20254 MEDIUM

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.6 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 32
fedoraproject fedora 33
redhat enterprise_linux 8.0
debian debian_linux 9.0
redhat enterprise_linux 7.0
samba samba *
CVE-2021-20277 MEDIUM

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 10.0
fedoraproject fedora 32
fedoraproject fedora 33
debian debian_linux 9.0
fedoraproject fedora 34
samba samba *
CVE-2021-20316

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
debian debian_linux 10.0
redhat enterprise_linux_aus 8.6
debian debian_linux 11.0
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_tus 8.6
redhat virtualization_host 4.0
samba samba *
CVE-2021-23192 MEDIUM

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
samba samba *
CVE-2021-3670

MaxQueryDuration not honoured in Samba AD DC LDAP

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
redhat storage 3.0
fedoraproject fedora 35
samba samba *
CVE-2021-3671 MEDIUM

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 10.0
netapp management_services_for_netapp_hci -
netapp ontap_select_deploy_administration_utility -
debian debian_linux 11.0
netapp management_services_for_element_software -
samba samba *
CVE-2021-3738 MEDIUM

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
samba samba *
CVE-2021-43566 LOW

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N 1.0 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
samba samba *
CVE-2021-44141 LOW

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-59,

Products Affected

Vendor Product Version
redhat storage 3.0
fedoraproject fedora 34
fedoraproject fedora 35
samba samba *
CVE-2021-44142 HIGH

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-787,CWE-125,CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
debian debian_linux 10.0
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 8.4
canonical ubuntu_linux 20.04
redhat enterprise_linux_server_aus 8.2
fedoraproject fedora 34
redhat enterprise_linux_server_tus 8.2
fedoraproject fedora 35
samba samba *
redhat codeready_linux_builder -
debian debian_linux 11.0
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux 8.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat virtualization_host 4.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.1
synology diskstation_manager *
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.4
canonical ubuntu_linux 21.10
redhat enterprise_linux 7.0
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_server 8.1
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat gluster_storage 3.5
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
redhat enterprise_linux_resilient_storage 7.0
CVE-2022-0336

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 34
fedoraproject fedora 35
samba samba *
CVE-2022-1615

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 37
samba samba *
CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
samba samba *
CVE-2022-2127

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
fedoraproject fedora 37
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
fedoraproject fedora 38
debian debian_linux 12.0
samba samba *
CVE-2022-27239 HIGH

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 10.0
suse linux_enterprise_point_of_service 11.0
samba cifs-utils *
suse caas_platform 4.0
fedoraproject fedora 34
fedoraproject fedora 35
suse manager_retail_branch_server 4.3
suse openstack_cloud_crowbar 8.0
suse openstack_cloud 9.0
debian debian_linux 11.0
debian debian_linux 9.0
suse linux_enterprise_high_performance_computing 15.0
suse manager_server 4.1
suse enterprise_storage 6.0
suse linux_enterprise_real_time 15.0
suse linux_enterprise_storage 7.1
suse manager_server 4.2
suse linux_enterprise_micro 5.2
suse linux_enterprise_server 15
suse linux_enterprise_software_development_kit 12
suse openstack_cloud 8.0
hp helion_openstack 8.0
suse manager_proxy 4.2
suse manager_retail_branch_server 4.2
suse manager_proxy 4.1
suse linux_enterprise_high_performance_computing 12.0
suse manager_proxy 4.3
suse linux_enterprise_server 11
suse manager_retail_branch_server 4.1
suse manager_server 4.3
fedoraproject fedora 36
suse openstack_cloud_crowbar 9.0
suse linux_enterprise_server 12
suse linux_enterprise_desktop 15
suse enterprise_storage 7.0
CVE-2022-29154

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 2.2 5.2

Products Affected

Vendor Product Version
fedoraproject fedora 36
samba rsync *
fedoraproject fedora 35
CVE-2022-29869 MEDIUM

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
debian debian_linux 10.0
debian debian_linux 11.0
samba cifs-utils *
debian debian_linux 9.0
fedoraproject fedora 36
fedoraproject fedora 34
fedoraproject fedora 35
CVE-2022-32742

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
samba samba *
CVE-2022-32743

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 37
samba samba *
CVE-2022-32744

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
samba samba *
CVE-2022-32745

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

Products Affected

Vendor Product Version
samba samba *
CVE-2022-32746

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
samba samba *
CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 36
samba samba *
CVE-2022-3592

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 36
samba samba *
CVE-2022-37966

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@microsoft.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
netapp management_services_for_netapp_hci -
microsoft windows_server_2019 -
microsoft windows_server_2022 -
fedoraproject fedora 37
microsoft windows_server_2008 -
microsoft windows_server_2012 r2
microsoft windows_server_2016 -
netapp management_services_for_element_software -
microsoft windows_server_2012 -
samba samba *
fedoraproject fedora 36
microsoft windows_server_2008 r2
CVE-2022-37967

Windows Kerberos Elevation of Privilege Vulnerability

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@microsoft.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
netapp management_services_for_netapp_hci -
microsoft windows_server_2019 -
microsoft windows_server_2022 -
fedoraproject fedora 37
microsoft windows_server_2008 -
microsoft windows_server_2012 r2
microsoft windows_server_2016 -
netapp management_services_for_element_software -
microsoft windows_server_2012 -
samba samba *
fedoraproject fedora 36
microsoft windows_server_2008 r2
CVE-2022-38023

Netlogon RPC Elevation of Privilege Vulnerability

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@microsoft.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
netapp management_services_for_netapp_hci -
microsoft windows_server_2019 -
microsoft windows_server_2022 -
fedoraproject fedora 37
microsoft windows_server_2008 -
microsoft windows_server_2012 r2
microsoft windows_server_2016 -
netapp management_services_for_element_software -
microsoft windows_server_2012 -
samba samba *
fedoraproject fedora 36
microsoft windows_server_2008 r2
CVE-2022-42898

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
mit kerberos_5 *
heimdal_project heimdal *
samba samba *
mit kerberos_5 1.20
CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
heimdal_project heimdal *
samba samba *
CVE-2022-45141

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
samba samba *
CVE-2022-4603

A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.

Products Affected

Vendor Product Version
samba ppp *
CVE-2023-0225

A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
samba samba 4.18.0
samba samba *
CVE-2023-0614

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
samba samba 4.18.0
samba samba *
CVE-2023-0922

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
samba samba 4.18.0
samba samba *
CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat storage 3.0
redhat enterprise_linux 8.0
fedoraproject fedora 38
samba samba *
CVE-2023-34966

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
fedoraproject fedora 37
debian debian_linux 11.0
redhat enterprise_linux 8.0
fedoraproject fedora 38
debian debian_linux 12.0
samba samba *
CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
fedoraproject fedora 37
debian debian_linux 11.0
redhat enterprise_linux 8.0
fedoraproject fedora 38
debian debian_linux 12.0
samba samba *
CVE-2023-34968

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat storage 3.0
fedoraproject fedora 37
debian debian_linux 11.0
redhat enterprise_linux 8.0
fedoraproject fedora 38
debian debian_linux 12.0
samba samba *
CVE-2023-3961

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
secalert@redhat.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
redhat storage 3.0
fedoraproject fedora 39
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 9.0
samba samba *
CVE-2023-4091

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
redhat storage 3.0
fedoraproject fedora 39
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 9.0
samba samba *
CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
samba samba *
CVE-2023-42669

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat storage 3.0
redhat enterprise_linux 8.0
redhat enterprise_linux_for_power_little_endian_eus 9.0_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus 9.0_s390x
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
samba samba *
CVE-2023-42670

A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 39
samba samba *
CVE-2023-5568

A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
secalert@redhat.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H 1.6 4.2

Products Affected

Vendor Product Version
samba samba *
CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
novell suse_linux -
nixos nixos *
samba rsync 3.2.7
gentoo linux -
redhat enterprise_linux 10.0
tritondatacenter smartos *
archlinux arch_linux -
samba rsync 3.3.0
almalinux almalinux 10.0
nixos nixos 24.11
CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_update_services_for_sap_solutions 9.0
redhat enterprise_linux_update_services_for_sap_solutions 9.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le
redhat enterprise_linux_for_power_little_endian 9.2_ppc64le
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_for_arm_64 9.2_aarch64
redhat enterprise_linux_for_ibm_z_systems 9.2_s390x
redhat enterprise_linux_eus 9.6
redhat openshift_container_platform 4.13
redhat enterprise_linux 8.0
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_eus 9.2
redhat openshift 5.0
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat enterprise_linux_server_aus 9.2
samba rsync *
redhat enterprise_linux_update_services_for_sap_solutions 8.4
almalinux almalinux 10.0
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux 9.0
redhat enterprise_linux_update_services_for_sap_solutions 9.6
nixos nixos *
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
redhat openshift_container_platform 4.12
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6_ppc64le
redhat enterprise_linux_server_aus 8.6
almalinux almalinux 8.0
redhat openshift_container_platform 4.17
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0_ppc64le
redhat enterprise_linux_server_aus 9.4
redhat enterprise_linux_server_aus 9.6
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4_ppc64le
redhat enterprise_linux_update_services_for_sap_solutions 8.6
redhat openshift_container_platform 4.14
redhat enterprise_linux_server 7.0
redhat enterprise_linux_eus 9.4
redhat enterprise_linux_for_arm_64_eus 8.8_aarch64
archlinux arch_linux -
redhat enterprise_linux_server_tus 8.6
redhat openshift_container_platform 4.15
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.4_ppc64le
redhat openshift_container_platform 4.16
redhat enterprise_linux_for_power_little_endian 8.8_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_server 6.0
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
suse suse_linux -
redhat enterprise_linux_server_aus 8.4
gentoo linux -
almalinux almalinux 9.0
tritondatacenter smartos *
CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 1.6 4.0

Products Affected

Vendor Product Version
almalinux almalinux 8.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 7.0
samba rsync *
redhat enterprise_linux 10.0
suse suse_linux -
almalinux almalinux 10.0
redhat enterprise_linux 9.0
redhat enterprise_linux 6.0
nixos nixos *
redhat enterprise_linux 8.0
gentoo linux -
almalinux almalinux 9.0
tritondatacenter smartos *
archlinux arch_linux -
CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
almalinux almalinux 8.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le
redhat enterprise_linux_server_aus 9.6
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_eus 9.6
redhat enterprise_linux 8.0
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
archlinux arch_linux -
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
samba rsync *
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
suse suse_linux -
almalinux almalinux 10.0
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux 9.0
redhat enterprise_linux_update_services_for_sap_solutions 9.6
nixos nixos *
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
gentoo linux -
almalinux almalinux 9.0
tritondatacenter smartos *
CVE-2024-12088

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
almalinux almalinux 8.0
redhat openshift_container_platform 4.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le
redhat enterprise_linux 10.0
redhat enterprise_linux_server_aus 9.6
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_eus 9.6
redhat enterprise_linux 8.0
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
archlinux arch_linux -
redhat discovery 1.14
redhat enterprise_linux 7.0
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
samba rsync *
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
almalinux almalinux 10.0
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux 9.0
novell suse_linux -
redhat enterprise_linux_update_services_for_sap_solutions 9.6
redhat enterprise_linux 6.0
nixos nixos *
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
gentoo linux -
almalinux almalinux 9.0
tritondatacenter smartos *
CVE-2025-0620

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

Products Affected

Vendor Product Version
samba samba *