CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...

Security fix for the ALT Linux 10 package samba version 4.4.2-alt1

April 12, 2016 Andrey Cherepanov 4.4.2-alt1 - New version - Security fixes: - CVE-2015-5370 Multiple errors in DCE-RPC code - CVE-2016-2110 Man in the middle attacks possible with NTLMSSP - CVE-2016-2111 NETLOGON Spoofing Vulnerability - CVE-2016-2112 LDAP client and server don't enforce integrit...

UBUNTU-CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...

SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:0814-1)

"This update for samba fixes the following issues : - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target. bso11648 bsc968222 Also the following bugs were fixed : - Add quotes around path of update-apparmor-samba-profile; bsc962177. - Prevent access...

The vulnerability of the Windows operating system, which allows a hacker to gain access to user accounts

The vulnerability of the Netlogon service in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to gain access to user accounts due to configuration errors in the domain controller...

Samba NetLogon未初始化指针漏洞（CVE-2015-0240）

No description provided by source. !/usr/bin/env python coding: utf-8 import sys import time from struct import pack,unpack import argparse import impacket from impacket.dcerpc.v5 import transport, nrpc from impacket.dcerpc.v5.ndr import NDRCALL from impacket.dcerpc.v5.dtypes import WSTR class...

Oracle: Security Advisory (ELSA-2015-0251)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Server Elevation of Privilege Vulnerability (CNVD-2015-04667)

Microsoft Windows Server is a series of servers based on the windows operating system launched by the U.S. Microsoft Microsoft. A security vulnerability exists in the Netlogon service for Microsoft Windows due to the program failing to properly implement domain-controller communication. A remote...

Microsoft Windows NETLOGON Privilege Elevation Vulnerability (3068457)

This host is missing an important security update according to Microsoft Bulletin MS15-071. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2015-2374

The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credentials by leveraging certain PDC access and...

Privilege escalation

The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credentials by leveraging certain PDC access and...

CVE-2015-2374

The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credentials by leveraging certain PDC access and...

CVE-2015-2374

CVE-2015-2374 affects the Netlogon service in multiple Windows Server editions (2003 SP2/R2 SP2, 2008 SP2/R2 SP1, 2012) where improper domain-controller communication can let an attacker disclose credentials by forging a BDC with PDC access in a PDC channel, enabling privilege escalation. Root ca...

KLA10631 Multiple vulnerabilities in Microsoft Windows

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Unknown vulnerability can b...

Microsoft Windows 'Netlogon' Service CVE-2015-2374 Remote Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the context of the affected system. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya CallPilot 5.0....

MS15-071: Vulnerability in NETLOGON Could Allow Elevation of Privilege (3068457)

The remote Windows host is affected by a privilege escalation vulnerability due to the Netlogon service improperly establishing a communications channel to a primary domain controller PDC. An attacker, with access to the PDC, can exploit this by using a crafted application to create a secure...

Mandriva Linux Security Advisory : samba (MDVSA-2015:081)

Updated samba packages fix security vulnerabilities : An uninitialized pointer use flaw was found in the Samba daemon smbd. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges o...

Microsoft Netlogon Services Remote Forgery Vulnerability

Microsoft Windows is an operating system developed by Microsoft. The Microsoft Windows Netlogon service fails to properly establish a secure communication channel to other machines using spoofed computer names.A spoofing vulnerability exists in NETLOGON.To successfully exploit the vulnerability, ...

CVE-2015-0005

The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, ...

Spoofing

The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, ...