10 matches found
Low: samba
Issue Overview: All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via...
Medium: samba
Issue Overview: When doing NTLM authentication, the client sends replies to cryptographic challenges back to the server. These replies have variable length. Winbind did not properly bounds-check the lan manager response length, which despite the lan manager version no longer being used is still...
SUSE-SU-2023:4096-1 Security update for samba
This update for samba fixes the following issues: - CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. bsc1215904 - CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep call on AD DC. bso1215905 - CVE-2023-4154:...
samba security, bug fix, and enhancement update
evolution-mapi 3.40.1-5 - Related: 2131993 Rebuild against samba 4.17 openchange 2.3-40 - Related: 2131993 Rebuild against samba 4.17 samba 4.17.5-102.0.1 - Fix memleak in nsswinbindinitgroupsdyn Orabug: 34994509 4.17.5-102 - resolves: rhbz2169980 - Fix winbind memory leak - resolves: rhbz2156056...
SUSE SLES12 Security Update : samba (SUSE-SU-2023:1684-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1684-1 advisory. - The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a...
SUSE-SU-2022:4395-1 Security update for samba
This update for samba fixes the following issues: Version update to 4.15.12. Security issues fixed: - CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords bsc1201495. - CVE-2022-32742: Fixed SMB1 code that does not correctly verify...
SUSE-SU-2022:0284-1 Security update for samba
This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-bounds read/write on Samba vfs_fruit module. bsc1194859...
SUSE-SU-2016:0032-1 Security update for samba
This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB bnc958586. - CVE-2015-5252: Insufficient symlink verification file access outside the share bnc958582. - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the...
Samba Web Administration Tool vulnerable to cross-site scripting
Overview Samba Web Administration Tool contains a cross-site scripting vulnerability. Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability. SWAT is disabled in a default configuration of Samba. nobuhiro tsuji...
Samba Web Administration Tool vulnerable to cross-site request forgery
Overview Samba Web Administration Tool SWAT contains a cross-site request forgery vulnerability. Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability. SWAT is disabled in a default configuration of Samb...