samba -- multiple vulnerabilities

The Samba Team reports: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Samba developers have discovered what is believed to be a non-exploitable...

Can not log on locally to the system of the Telnet solution-vulnerability warning-the black bar safety net

In Windows 2 0 0 0 environment, is Group Policy to deny logon locally has been relatively headache thing. This article will introduce one to all users denied to log on locally after the solve method. In Windows2000, if a user is to cancel the log on locally permission, when the user locally logs ...

Windows Workstation service NetpManageIPCConnect buffer overflow

Added: 11/27/2006 CVE: CVE-2006-4691 BID: 20985 OSVDB: 30263 Background The Windows Workstation service routes network requests for file or printer resources. Problem A buffer overflow in the NetpManageIPCConnect function in the Windows Workstation service allows command execution when a domain...

Windows Workstation service NetpManageIPCConnect buffer overflow

Added: 11/27/2006 CVE: CVE-2006-4691 BID: 20985 OSVDB: 30263 Background The Windows Workstation service routes network requests for file or printer resources. Problem A buffer overflow in the NetpManageIPCConnect function in the Windows Workstation service allows command execution when a domain...

Windows Workstation service NetpManageIPCConnect buffer overflow

Added: 11/27/2006 CVE: CVE-2006-4691 BID: 20985 OSVDB: 30263 Background The Windows Workstation service routes network requests for file or printer resources. Problem A buffer overflow in the NetpManageIPCConnect function in the Windows Workstation service allows command execution when a domain...

Microsoft Windows - NetpManageIPCConnect Remote Stack Overflow (MS06-070) (Python)

Microsoft Windows - NetpManageIPCConnect Remote Stack Overflow MS06-070 Python !/usr/bin/python MS06-070 Windows WorkStation NetpManageIPCConnect Vulnerability Exploit Tested on windows 2000 server SP4 Usage: python NetAPI-NetrJoinDomain2.py Requires a domain controller on the network configure...

Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070)

!/usr/bin/python MS06-070 Windows WorkStation NetpManageIPCConnect Vulnerability Exploit Tested on windows 2000 server SP4 Usage: python NetAPI-NetrJoinDomain2.py Requires a domain controller on the network configure samba as DC Requires python and impacket Winny M Thomas ;- from impacket.dcerpc...

FreeBSD : samba -- Exposure of machine account credentials in winbind log files (92fd40eb-c458-11da-9c79-00123ffe8333)

Samba Security Advisory : The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regardin...

Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)

The SMB signing capability in the Server Message Block protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group...

Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)

The SMB signing capability in the Server Message Block protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group...

CVE-2005-3173

Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions...

CVE-2005-3173

Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions...

Microsoft Windows domain controller denial of service in Kerberos message handling

Overview Microsoft Windows domain controllers do not properly handle some Kerberos messages, potentially allowing a remote, authenticated attacker to cause a denial-of-service condition. Description Microsoft Windows domain controllers running Windows 2000 Server and Server 2003 use the Kerberos...

Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability

Description A denial of service vulnerability has been reported in Microsoft Windows 2000 Server systems that are acting as Domain Controllers. This issue may be triggered by sending a malformed LDAP query to an affected Windows 2000 Domain Controller. This will cause a reboot in the Domain...

Security Bulletin MS02-016 Q318593: Opening Group Policy Files for Exclusive Read Blocks Policy Application

-----BEGIN PGP SIGNED MESSAGE----- Title: Q318593: Opening Group Policy Files for Exclusive Read Blocks Policy Application Date: 04 April 2002 Software: Microsoft Windows 2000 Server Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Impact: Attacker could block...

CVE-2001-0018

The CVE-2001-0018 entry affects Windows 2000 domain controllers (Windows 2000 Server, Advanced Server, or Datacenter Server). It describes a denial-of-service vulnerability caused by remote attackers sending a flood of malformed service requests to the DC, leading to partial availability impact. ...

CVE-2001-0237

CVE-2001-0237 affects Microsoft Windows 2000 domain controllers, where the Kerberos service can leak memory when it receives certain invalid Kerberos requests, potentially exhausting memory and causing a denial of service. Affected component is the Kerberos service (KDC) on Windows 2000 domain co...

CVE-2001-0018

Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests...

Microsoft Windows 2000 Kerberos service vulnerable to DoS via repeated invalid requests

Overview A core service of Microsoft Windows 2000 domain controllers fails to correctly handle certain invalid requests. After receiving a number of invalid requests, the domain controller may have to be rebooted to return it to correct operation. A disabled domain controller can interfere with t...

Microsoft Security Bulletin MS01-011

---------------------------------------------------------------------- Title: Malformed Request to Domain Controller can Cause Denial of Service Date: 20 February 2001 Software: Windows 2000 Server, Advanced Server and Datacenter Server Impact: Denial of Service Bulletin: MS01-011 Microsoft...