EulerOS 2.0 SP10 : samba (EulerOS-SA-2023-1829)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Netlogon RPC Elevation of Privilege Vulnerability CVE-2022-38023 Note that Tenable Network Security has extracted the preceding description block...

AlmaLinux 9 : samba (ALSA-2023:2127)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2127 advisory. - Netlogon RPC Elevation of Privilege Vulnerability CVE-2022-38023 Note that Nessus has not tested for this issue but has instead relied only on the application's...

K93951507: Multiple Samba vulnerabilities

Security Advisory Description CVE-2020-1472 An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC, aka 'Netlogon Elevation of Privilege Vulnerability'...

SUSE CVE-2007-4138

The Winbind nssinfo extension nsswitch/idmapad.c in idmapad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the 1 RFC2307 or 2 Services for UNIX SFU primary group attribute is not defined...

SUSE CVE-2008-6800

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not a security issue. It was originally created based on one vendor's misinterpretation of an upstream changelog comment that referred to a race condition in the winbind daemon aka winbindd in Samba before 3.0.32. The...

SUSE CVE-2011-0719

Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FDSET macro, which allows remote attackers to cause a denial of service stack memory corruption, and infinite loop or daemon crash by opening a large number of...

SUSE CVE-2012-6150

The winbindnamelisttosidstringlist function in nsswitch/pamwinbind.c in Samba through 4.1.2 handles invalid requiremembershipof group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...

SUSE CVE-2020-14323

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service...

SUSE SLES12 Security Update : samba (SUSE-SU-2023:0122-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0122-1 advisory. - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local use...

Amazon Linux 2 : samba, --advisory ALAS2-2021-1649 (ALAS-2021-1649)

The version of samba installed on the remote host is prior to 4.10.16-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1649 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided

Description This is Samba's response to Microsoft's CVE-2022-3802312. Following RFC8429 and as has been published for CVE-2022-3938, rc4-hmac also known as arcfour-hmac-md5 cryptography in Kerberos is weak, then it follows that the RC4 mode in the NETLOGON Secure Channel DCE/RPC bulk encryption i...

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2022-2401)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2022:2307-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:2307-1 Security update for ldb, samba

This update for ldb, samba fixes the following issues: ldb was updated to version 2.4.2 to fix: + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. samba was updated to fix: - Revert NIS...

samba security, bug fix, and enhancement update

4.15.5-5 - resolves: rhbz2064325 - Fix 'create krb5 conf = yes' when a KDC has a single IP address. 4.15.5-4 - resolves: rhbz2057503 - Fix winbind kerberos ticket refresh 4.15.5-3 - related: rhbz1979959 - Fix typo in testparm output 4.15.5-2 - resolves: rhbz1979959 - Improve idmap autorid sanity...

NewStart CGSL MAIN 6.02 : samba Multiple Vulnerabilities (NS-SA-2022-0058)

The remote NewStart CGSL host, running version MAIN 6.02, has samba packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory...

AlmaLinux 8 : samba (ALSA-2021:1647)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1647 advisory. - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, usin...

NewStart CGSL CORE 5.05 / MAIN 5.05 : samba Multiple Vulnerabilities (NS-SA-2021-0167)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has samba packages installed that are affected by multiple vulnerabilities: - All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 or above...

samba: Unprivileged user can crash winbind

A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability...

RHEL 7 : samba (RHSA-2021:3723)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3723 advisory. Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It...