89 matches found
SAMR and LSA man in the middle attacks possible
Description The Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD are both vulnerable to man in the middle attacks. Both are application level protocols based on the generic DCE 1.1 Remote Procedure Call DCERPC protocol. These...
Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0019 Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7087 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of a samr atom in a .mov file...
SUSE: Security Advisory for Samba (SUSE-SU-2014:0497-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Samba < 3.6.23 / 4.0.16 / 4.1.6 Multiple Vulnerabilities
Binary data 8276.prm...
SuSE 11.3 Security Update : Samba (SAT Patch Number 9010)
"The Samba fileserver suite was updated to fix bugs and security issues. The following security issue have been fixed : - No Password lockout or ratelimiting was enforced for SAMR password changes, making brute force guessing attacks possible. CVE-2013-4496. Also the following feature has been...
Updated samba packages fix security vulnerability
In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...
Microsoft Windows multiple security vulnerabilities
DirectShow memory corruptions, SilverLight restrictions bypass, SAMR restrictions bypass, kernel mode drivers privilege escalations...
CVE-2013-4496
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 1 SAMR or 2 RAP attempts...
Microsoft Windows Security Account Manager Remote协议安全限制绕过漏洞
BUGTRAQ ID: 66012 CVECAN ID: CVE-2014-0317 Windows是一款由美国微软公司开发的窗口化操作系统。 Security Account Manager Remote SAMR协议没有正确验证用户锁定状态,在实现上存在安全功能绕过漏洞。 0 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 厂商补丁: Microsoft ---------...
Security feature bypass
The Security Account Manager Remote SAMR protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for...
CVE-2014-0317
CVE-2014-0317 is the SAMR Security Feature Bypass vulnerability in Microsoft Windows, affecting Windows XP SP2-SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows Server 2012 (Gold/R2). The issue stems from the Security Account Manager Remote (SAMR) protoc...
CVE-2014-0317
The Security Account Manager Remote SAMR protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for...
Microsoft Windows SAMR Protocol Security Bypass Vulnerability (2934418)
This host is missing an important security update according to Microsoft Bulletin MS14-016. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : samba -- multiple vulnerabilities (03e48bf5-a96d-11e3-a556-3c970e169bc2)
Samba project reports : In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...
samba -- multiple vulnerabilities
Samba project reports: In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...
MS14-016: Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)
A security feature bypass vulnerability exists in Windows due to the Security Account Manager Remote SAMR protocol incorrectly validating the user lockout state. Remote, authenticated attackers can exploit this issue to conduct brute force attacks against user passwords. Note that the host must...
PT-2014-1730 · Microsoft · Windows Server 2003 +4
Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows Server 2012 versions Gold through R2...
CVE-2013-4496: Password lockout not enforced for SAMR password changes
Description Samba versions 3.4.0 and above allow the administrator to implement locking out Samba accounts after a number of bad password attempts. However, all released versions of Samba did not implement this check for password changes, such as are available over multiple SAMR and RAP interface...
Nmap NSE 6.01: smb-enum-groups
Obtains a list of groups from the remote Windows system, as well as a list of the group's users. This works similarly to 'enum.exe' with the '/G' switch. The following MSRPC functions in SAMR are used to find a list of groups and the RIDs of their users. Keep in mind that MSRPC refers to groups a...
Nmap NSE 6.01: smb-enum-users
Attempts to enumerate the users on a remote Windows system, with as much information as possible, through two different techniques both over MSRPC, which uses port 445 or 139; see 'smb.lua'. The goal of this script is to discover all user accounts that exist on a remote system. This can be helpfu...