Lucene search
K

89 matches found

Samba
Samba
added 2016/04/12 12:0 a.m.60 views

SAMR and LSA man in the middle attacks possible

Description The Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD are both vulnerable to man in the middle attacks. Both are application level protocols based on the generic DCE 1.1 Remote Procedure Call DCERPC protocol. These...

7.5CVSS0.1AI score0.3693EPSS
Exploits0
Talos
Talos
added 2016/01/08 12:0 a.m.37 views

Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0019 Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7087 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of a samr atom in a .mov file...

6.8CVSS6.5AI score0.01648EPSS
Exploits0
OpenVAS
OpenVAS
added 2015/10/13 12:0 a.m.34 views

SUSE: Security Advisory for Samba (SUSE-SU-2014:0497-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS7.7AI score0.10642EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/06/03 12:0 a.m.87 views

Samba < 3.6.23 / 4.0.16 / 4.1.6 Multiple Vulnerabilities

Binary data 8276.prm...

5.8CVSS8.3AI score0.10642EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2014/04/08 12:0 a.m.28 views

SuSE 11.3 Security Update : Samba (SAT Patch Number 9010)

"The Samba fileserver suite was updated to fix bugs and security issues. The following security issue have been fixed : - No Password lockout or ratelimiting was enforced for SAMR password changes, making brute force guessing attacks possible. CVE-2013-4496. Also the following feature has been...

5CVSS7.3AI score0.10642EPSS
Exploits0References9
Mageia
Mageia
added 2014/03/23 9:10 a.m.37 views

Updated samba packages fix security vulnerability

In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...

5CVSS2.5AI score0.10642EPSS
Exploits0References2
securityvulns
securityvulns
added 2014/03/18 12:0 a.m.73 views

Microsoft Windows multiple security vulnerabilities

DirectShow memory corruptions, SilverLight restrictions bypass, SAMR restrictions bypass, kernel mode drivers privilege escalations...

9.3CVSS3.9AI score0.13974EPSS
Exploits5Affected Software1
Cvelist
Cvelist
added 2014/03/14 10:0 a.m.26 views

CVE-2013-4496

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 1 SAMR or 2 RAP attempts...

7.4AI score0.10642EPSS
Exploits0References18
seebug.org
seebug.org
added 2014/03/13 12:0 a.m.57 views

Microsoft Windows Security Account Manager Remote协议安全限制绕过漏洞

BUGTRAQ ID: 66012 CVECAN ID: CVE-2014-0317 Windows是一款由美国微软公司开发的窗口化操作系统。 Security Account Manager Remote SAMR协议没有正确验证用户锁定状态,在实现上存在安全功能绕过漏洞。 0 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 厂商补丁: Microsoft ---------...

5.4CVSS6.4AI score0.10249EPSS
Exploits1
Prion
Prion
added 2014/03/12 5:15 a.m.22 views

Security feature bypass

The Security Account Manager Remote SAMR protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for...

5.4CVSS7AI score0.10249EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2014/03/12 1:0 a.m.99 views

CVE-2014-0317

CVE-2014-0317 is the SAMR Security Feature Bypass vulnerability in Microsoft Windows, affecting Windows XP SP2-SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows Server 2012 (Gold/R2). The issue stems from the Security Account Manager Remote (SAMR) protoc...

5.4CVSS6.5AI score0.10249EPSS
Exploits1References1Affected Software5
Cvelist
Cvelist
added 2014/03/12 1:0 a.m.32 views

CVE-2014-0317

The Security Account Manager Remote SAMR protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for...

6.4AI score0.10249EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2014/03/12 12:0 a.m.55 views

Microsoft Windows SAMR Protocol Security Bypass Vulnerability (2934418)

This host is missing an important security update according to Microsoft Bulletin MS14-016. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5.4CVSS5AI score0.10249EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2014/03/12 12:0 a.m.24 views

FreeBSD : samba -- multiple vulnerabilities (03e48bf5-a96d-11e3-a556-3c970e169bc2)

Samba project reports : In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...

5.8CVSS7.5AI score0.10642EPSS
Exploits1References5
FreeBSD
FreeBSD
added 2014/03/11 12:0 a.m.52 views

samba -- multiple vulnerabilities

Samba project reports: In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available...

5.8CVSS8.3AI score0.10642EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2014/03/11 12:0 a.m.230 views

MS14-016: Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)

A security feature bypass vulnerability exists in Windows due to the Security Account Manager Remote SAMR protocol incorrectly validating the user lockout state. Remote, authenticated attackers can exploit this issue to conduct brute force attacks against user passwords. Note that the host must...

5.4CVSS5.6AI score0.10249EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2014/03/11 12:0 a.m.7 views

PT-2014-1730 · Microsoft · Windows Server 2003 +4

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows Server 2012 versions Gold through R2...

5.4CVSS6.4AI score0.10249EPSS
Exploits1References5
Samba
Samba
added 2014/03/11 12:0 a.m.2084 views

CVE-2013-4496: Password lockout not enforced for SAMR password changes

Description Samba versions 3.4.0 and above allow the administrator to implement locking out Samba accounts after a number of bad password attempts. However, all released versions of Samba did not implement this check for password changes, such as are available over multiple SAMR and RAP interface...

5CVSS9AI score0.10642EPSS
Exploits0
OpenVAS
OpenVAS
added 2013/02/28 12:0 a.m.21 views

Nmap NSE 6.01: smb-enum-groups

Obtains a list of groups from the remote Windows system, as well as a list of the group's users. This works similarly to 'enum.exe' with the '/G' switch. The following MSRPC functions in SAMR are used to find a list of groups and the RIDs of their users. Keep in mind that MSRPC refers to groups a...

7.5AI score
Exploits0
OpenVAS
OpenVAS
added 2013/02/28 12:0 a.m.9 views

Nmap NSE 6.01: smb-enum-users

Attempts to enumerate the users on a remote Windows system, with as much information as possible, through two different techniques both over MSRPC, which uses port 445 or 139; see 'smb.lua'. The goal of this script is to discover all user accounts that exist on a remote system. This can be helpfu...

7.4AI score
Exploits0
Rows per page
Query Builder