609 matches found
CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC. An attacker who successfully exploited the vulnerability could run a specially crafted application on a...
CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC. An attacker who successfully exploited the vulnerability could run a specially crafted application on a...
CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC. An attacker who successfully exploited the vulnerability could run a specially crafted application on a...
CVE-2020-1472 aka Zerologon
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC. An attacker who successfully exploited the vulnerability could run a specially crafted application on a...
Netlogon Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC. An attacker who successfully exploited the vulnerability could run a specially crafted application on a...
USN-4454-2 samba vulnerability
USN-4454-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT...
USN-4454-1 samba vulnerability
Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT server. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service...
ALPINE-CVE-2020-10760
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba...
The vulnerability of Samba software, related to pointer manipulation errors, allows a hacker to trigger a service failure in the AD, DC, or LDAP server.
The vulnerability of Samba software is related to errors in pointer manipulation. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a failure in the service of the AD, DC, or LDAP servers...
The vulnerability of the Red Hat IPA domain controller, related to the lack of automatic termination of all sessions after password changes, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Red Hat IPA domain controller is related to the absence of automatic termination of all sessions after the password is changed. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
Exploit for CVE-2019-1040
CVE-2019-1040 Great writeup! Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin . So, I wrote CVE-2019-1040.py for easy to use. You can also check out my exchange2domain repo: https://github.com/ridter/exchange2domain, another way to use exchange to get DC...
DEBIAN-CVE-2020-10704
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerabilit...
Stack overflow
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerabilit...
CVE-2020-10704
CVE-2020-10704 affects Samba acting as an Active Directory Domain Controller. The vulnerability is a stack overflow in the AD DC LDAP server triggered by certain requests, enabling an unauthorized user to cause a denial of service, impacting availability. Public disclosures in connected Debian Fe...
CVE-2020-10704
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerabilit...
March 17, 2020—KB4541331 (OS Build 17763.1131)
March 17, 2020—KB4541331 OS Build 17763.1131 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates an issue that causes an error when printing to a document share. Updates...
Red Hat IPA Code Issue Vulnerability
Red Hat IPA is a domain controller for Linux/UNIX platforms from Red Hat. A code issue vulnerability exists in Red Hat IPA. The vulnerability arises from an improperly designed or implemented code development process for a network system or product. No detailed vulnerability details are provided ...
Update the copy of the Cmitrust.dll file in Windows
Update the copy of the Cmitrust.dll file in Windows This article describes an update that fixes an issue in Windows Server 2008 R2 and improves the copy of the Cmitrust.dll file in Windows 8.1, Windows RT 8.1, Windows 8, Windows RT, and Windows 7. Before you install this update, notice that the...
Update adds BPA rules for DirectAccess in Windows Server 2012 R2 or Windows Server 2012
Update adds BPA rules for DirectAccess in Windows Server 2012 R2 or Windows Server 2012 Introduction This article describes an update that adds new Best Practices Analyzer BPA rules. The rules are for DirectAccess on the servers that are running Windows Server 2012 R2 or Windows Server 2012. The...
Windows Manage Add User to the Domain and/or to a Domain Group
This module adds a user to the Domain and/or to a Domain group. It will check if sufficient privileges are present for certain actions and run getprivs for system. If you elevated privs to system, the SeAssignPrimaryTokenPrivilege will not be assigned. You need to migrate to a process that is...