Filtered by vendor Samba
Subscribe
Total
236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2126 | 1 Samba | 1 Samba | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions. | |||||
| CVE-2017-15994 | 1 Samba | 1 Rsync | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects. | |||||
| CVE-2017-16548 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Rsync | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. | |||||
| CVE-2022-44640 | 2 Heimdal Project, Samba | 2 Heimdal, Samba | 2025-04-15 | N/A | 9.8 CRITICAL |
| Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). | |||||
| CVE-2022-42898 | 3 Heimdal Project, Mit, Samba | 3 Heimdal, Kerberos 5, Samba | 2025-04-14 | N/A | 8.8 HIGH |
| PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." | |||||
| CVE-2015-7540 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. | |||||
| CVE-2015-5296 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 4.3 MEDIUM | 5.4 MEDIUM |
| Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. | |||||
| CVE-2016-0771 | 1 Samba | 1 Samba | 2025-04-12 | 4.9 MEDIUM | 5.9 MEDIUM |
| The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. | |||||
| CVE-2015-8467 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 6.0 MEDIUM | 7.5 HIGH |
| The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. | |||||
| CVE-2016-2112 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. | |||||
| CVE-2016-2111 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2025-04-12 | 4.3 MEDIUM | 6.3 MEDIUM |
| The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. | |||||
| CVE-2015-5370 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. | |||||
| CVE-2016-2114 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream. | |||||
| CVE-2016-2119 | 1 Samba | 1 Samba | 2025-04-12 | 6.8 MEDIUM | 7.5 HIGH |
| libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag. | |||||
| CVE-2016-2113 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
| Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-5252 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 5.0 MEDIUM | 7.2 HIGH |
| vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. | |||||
| CVE-2015-5330 | 1 Samba | 1 Samba | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value. | |||||
| CVE-2015-5299 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. | |||||
| CVE-2016-2118 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 6.8 MEDIUM | 7.5 HIGH |
| The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK." | |||||
| CVE-2014-3493 | 1 Samba | 1 Samba | 2025-04-12 | 2.7 LOW | N/A |
| The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference. | |||||