Samba: Server memory information leak over SMB1

An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker...

DEBIAN-CVE-2017-12893

The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:namelen...

Tcpdump SMB/CIFS Parser Buffer Overflow Vulnerability

Tcpdump is a set of sniffing tools developed by the Tcpdump team that run under the command line. The tool allows users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer. A buffer overflow vulnerability exists in the SMB/CIFS parser in...

UBUNTU-CVE-2017-12893

The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:namelen...

CentOS 7 : samba (CESA-2017:1950)

An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

NetApp Clustered Data ONTAP Heap Buffer Overflow Vulnerability

NetApp Clustered Data ONTAP is a set of storage operating system for clustered mode from the American company NetApp. A heap buffer overflow vulnerability exists in the NetApp Clustered Data ONTAP SMB implementation, which allows remote attackers to exploit the vulnerability by submitting a speci...

Microsoft Windows SMB Special Message Denial of Service Vulnerability

Microsoft Windows is a popular operating system. A security vulnerability exists in Microsoft Windows SMB processing of special messages, which allows remote attackers to conduct denial-of-service attacks by sending special requests to ports 445 and 139...

CVE-2017-6727

A vulnerability in the Server Message Block SMB protocol of Cisco Wide Area Application Services WAAS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More...

CVE-2017-6727

A vulnerability in the Server Message Block SMB protocol of Cisco Wide Area Application Services WAAS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More...

Cisco Wide Area Application Services Denial of Service Vulnerability

Cisco Wide Area Application Services WAAS is the United States Cisco Cisco company's set of WAN link acceleration software. The software is mainly used for small bandwidth and high latency link environment. A denial of service vulnerability exists in the Server Message Block SMB service in Cisco...

CVE-2016-3400

NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol...

CVE-2016-3997

NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state...

NetApp Clustered Data ONTAP Man-in-the-Middle Attack Vulnerability

NetApp Clustered Data ONTAP is a set of storage operating system for clustered mode from American NetApp. The system supports users to enhance the performance of enterprise applications and improve data center flexibility and so on. A man-in-the-middle attack vulnerability exists in the default...

The vulnerability of the Windows Search service in the Windows operating system allows a perpetrator to execute arbitrary code and gain unlimited access to the system.

The vulnerability of the Windows Search service in the Windows operating system is related to code errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and gain unrestricted access to the system by sending a specially crafted SMB message to the Windows Search...

The vulnerability of the Microsoft Server Message Block 1.0 (SMBv1) network protocol on the Windows operating system, which allows a hacker to cause a service failure.

The vulnerability of the Microsoft Server Message Block 1.0 SMBv1 protocol in the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted requests remotely...

The vulnerability of the Microsoft Server Message Block 1.0 (SMBv1) network protocol on the Windows operating system allows a perpetrator to execute arbitrary code or cause a service failure.

The vulnerability of the Microsoft Server Message Block 1.0 SMBv1 operating system in Windows is related to improper data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures by manipulating certain requests...

Wanna Cry Again? NSA’s Windows 'EsteemAudit' RDP Exploit Remains Unpatched

Brace yourselves for a possible 'second wave' of massive global cyber attack, as SMB Server Message Block was not the only network protocol whose zero-day exploits created by NSA were exposed in the Shadow Brokers dump last month. Although Microsoft released patches for SMB flaws for supported...

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Gluster Storage 3.2 for RHEL 6 and Red Hat Gluster Storage 3.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

SMBv1 Server Detection

Binary data 700100.prm...

BSA-2017-338

Security Advisory ID : BSA-2017-338 Component : N/A Revision : 1.0: Final A ransomware calledWannaCryinfected computers in several countries. Computers that became infected had not been patched. Microsoft released a security bulletin on March 14th, 2017, titled Microsoft Security Bulletin MS17-01...