1843 matches found
samba: Samba based active directory domain controller does not enforce smb signing
It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server...
samba: Man-in-the-middle attacks possible with NTLMSSP authentication
Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or...
CVE-2016-3974
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to tcmonitoringwebserviceweb/ServerNodesWSService, aka SA...
DEBIAN-CVE-2015-7560
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL...
UBUNTU-CVE-2015-7560
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL...
The vulnerability of the Solaris operating system, which allows a hacker to trigger a service failure
The vulnerability of the SMB Utilities sub-component of the Solaris operating system is related to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause the operating system to become unresponsive, or in rare cases, to cause an emergency...
Moderate: Red Hat Security Advisory: samba security update
Updated samba packages that fix multiple security issues are now available for Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
CentOS Update for libsmbclient CESA-2016:0011 centos6
Check the version of libsmbclient SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882358";...
Moderate: Red Hat Security Advisory: samba security update
Updated samba packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available f...
realmd: untrusted data is used when configuring sssd.conf and/or smb.conf
A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response...
The vulnerability of the web application for data synchronization with ownCloud allows an attacker to execute arbitrary SMB commands.
The vulnerability of the driver for the external SMB storage device used by web applications for data synchronization with ownCloud exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a maliciou...
ownCloud Server Arbitrary SMB Command Execution Vulnerability
ownCloud Server is a free and open source personal cloud storage solution created by German KDE developer Frank Karlitschek; ownCloud Server is a server edition. An arbitrary SMB command execution vulnerability exists in ownCloud Server versions prior to 6.0.8, 8.0.4 prior to 8.0.x, and 7.0.6 pri...
The vulnerability of the Mac OS X operating system, which allows a perpetrator to increase their privileges or cause service failures
The vulnerability of the SMB kernel implementation in the Mac OS X operating system is caused by a buffer overflow. Exploiting this vulnerability can allow an attacker to increase their privileges or cause service interruptions...
The vulnerability of the Mac OS X operating system allows attackers to carry out network attacks on SMB servers.
The vulnerability of the Heimdal component in the Mac OS X operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to perform network attacks on SMB servers remotely...
Microsoft Windows Server Message Block Memory Corruption Vulnerability
Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. Server Message Block (SMB) is a server message block. A remote code execution vulnerability exists when the Server Message Block (SMB) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properl...
The vulnerability of the Windows operating system allows a malicious individual to obtain user authentication information.
The vulnerability of the Windows operating system exists in the implementation of system calls such as URLDownloadA, URLDownloadW, URLDownloadToCacheFileA, URLDownloadToCacheFileW, URLDownloadToFileA, URLDownloadToFileW, URLOpenStream, and URLOpenBlockingStream. During these calls, the operating...
Cisco Wide Area Application Services (WAAS) SMB Handling Remote Denial of Service Vulnerability
Cisco Wide Area Application Services is a comprehensive WAN optimization solution that improves application performance in WAN environments, delivers video to branch offices and locally hosts branch office IT services. A security vulnerability exists in Cisco Wide Area Application Services that...
RedHat Update for samba3x RHSA-2015:0249-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
samba4 security update
CentOS Errata and Security Advisory CESA-2015:0250 Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which...