13 matches found
CLSA-2026-1773667921 Fix CVE(s): CVE-2025-10230
SECURITY UPDATE: unauthenticated command injection via WINS hook in source4 NBT server. The "wins hook" parameter passed unsanitized NetBIOS names to a shell command, allowing arbitrary command execution by remote clients. - debian/patches/CVE-2025-10230.patch - CVE-2025-10230...
CLSA-2026-1773073974 Fix CVE(s): CVE-2025-10230
SECURITY UPDATE: command injection via improper NetBIOS name validation in shell hook handling CVE - debian/patches/CVE-2025-10230-1.patch: Validate NetBIOS names before passing them to hook shell command, rejecting characters outside alphanumeric, dot, underscore, or hyphen. Prevent command...
AZL-69830 CVE-2025-10230 affecting package samba 4.18.3-2
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
CVE-2025-10230
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
CVE-2025-10230
CVE-2025-10230 involves Samba’s front-end WINS hook where NetBIOS names from registration packets are inserted into a shell without proper validation or escaping, enabling unauthenticated remote code execution as the Samba process. The issue is rooted in unsanitized NetBIOS data in WINS registrat...
CVE-2025-10230 Samba: command injection in wins server hook script
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
CVE-2025-10230 Samba: command injection in wins server hook script
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
CVE-2025-10230
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
Samba WINS hook RCE (CVE-2025-10230)
In the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller's...
Astra Linux – Vulnerability in Samba
A flaw was discovered in Samba, particularly in the handling of the front-end WINS hook: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets is inserted into shell commands and executed b...
SUSE CVE-2025-10230
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
CVE-2025-10230
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
PT-2025-42432
Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.21.9, 4.21.5, and 4.23.2 Description A critical flaw exists in Samba, specifically in the handling of WINS hook requests. The vulnerability occurs because NetBIOS names received in WINS registration packets are passed...