
99 matches found

RedHat Linux
added 2017/03/23 5:18 a.m., 68 views

Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 samba security, bug fixes and enhancement update

An update for samba is now available for Red Hat Gluster Storage 3.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...

6.5 CVSS, 6.5 AI score, 0.08663 EPSS
Exploits 0, References 9
RedHat Linux
added 2017/03/23 5:18 a.m., 4 views

samba: Flaws in Kerberos PAC validation can trigger privilege elevation

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...

6.5 CVSS, 7.1 AI score, 0.04506 EPSS
Exploits 0, References 5
RedHat Linux
added 2017/03/23 5:6 a.m., 0 views

samba: Flaws in Kerberos PAC validation can trigger privilege elevation

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...

6.5 CVSS, 7.1 AI score, 0.04506 EPSS
Exploits 0, References 5
Tenable Nessus
added 2017/03/22 12:0 a.m., 42 views

RHEL 6 : samba (RHSA-2017:0662)

An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

6.5 CVSS, 6.3 AI score, 0.08663 EPSS
Exploits 0, References 8
RedHat Linux
added 2017/03/21 8:44 a.m., 75 views

Moderate: Red Hat Security Advisory: samba4 security and bug fix update

An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

6.5 CVSS, 6.5 AI score, 0.08663 EPSS
Exploits 0, References 7
RedHat Linux
added 2017/03/21 8:44 a.m., 4 views

samba: Flaws in Kerberos PAC validation can trigger privilege elevation

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...

6.5 CVSS, 7.1 AI score, 0.04506 EPSS
Exploits 0, References 5
RedHat Linux
added 2017/03/21 8:34 a.m., 3 views

samba: Flaws in Kerberos PAC validation can trigger privilege elevation

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...

6.5 CVSS, 7.1 AI score, 0.04506 EPSS
Exploits 0, References 5
RedHat Linux
added 2017/03/21 8:34 a.m., 59 views

Moderate: Red Hat Security Advisory: samba security and bug fix update

An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

6.5 CVSS, 6.4 AI score, 0.08663 EPSS
Exploits 0, References 10
Tenable Nessus
added 2017/01/09 12:0 a.m., 17 views

Samba 4.3.x < 4.3.13 / 4.4.x < 4.4.8 / 4.5.x < 4.5.3 Multiple Vulnerabilities

Binary data 9857.prm...

8.8 CVSS, 7.1 AI score, 0.08663 EPSS
Exploits 0, References 9
OSV
added 2016/12/29 7:45 p.m., 6 views

SUSE-SU-2016:3298-1 Security update for samba

This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441) - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442) Non security issues fixed: ...

6.5 CVSS, 7.1 AI score, 0.08663 EPSS
Exploits 0, References 9
Tenable Nessus
added 2016/12/27 12:0 a.m., 53 views

Samba 4.3.x < 4.3.13 / 4.4.x < 4.4.8 / 4.5.x < 4.5.3 Multiple Vulnerabilities

The version of Samba running on the remote host is 4.3.x prior to 4.3.13, 4.4.x prior to 4.4.8, or 4.5.x prior to 4.5.3. It is, therefore, affected by multiple vulnerabilities : - An overflow condition exists in the ndr_pull_dnsp_name function in ndr_dnsp.c that is triggered when handling 'dnsRecord'...

8.8 CVSS, 7.3 AI score, 0.08663 EPSS
Exploits 0, References 9
CNVD
added 2016/12/23 12:0 a.m., 6 views

Samba Remote Denial of Service Vulnerability

Samba is a set of free software developed by the Samba team that enables UNIX series operating systems to connect to the SMB/CIFS network protocol of Microsoft Windows operating systems. The program supports sharing printers, transferring data files to each other, and so on. A remote denial of...

6.5 CVSS, 6.7 AI score, 0.04506 EPSS
Exploits 0, References 1
Tenable Nessus
added 2016/12/20 12:0 a.m., 42 views

Debian DSA-3740-1 : samba - security update

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2016-2119 Stefan Metzmacher discovered that client-side SMB2/3 required signing can be downgraded,...

8.8 CVSS, 6.6 AI score, 0.08663 EPSS
Exploits 0, References 11
Samba
added 2016/12/19 12:0 a.m., 566 views

Flaws in Kerberos PAC validation can trigger privilege elevation.

Description: The winbindd part of Samba offers verification and unpacking of the PAC (Privilege Attribute Certificate) received via Kerberos. When parsing the PAC, winbindd may write beyond the allocated buffer, however the data involved is from the server private key and so not user-controlled...

6.5 CVSS, 0.7 AI score, 0.04506 EPSS
Exploits 0
OSV
added 2016/12/19 12:0 a.m., 1 views

UBUNTU-CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

6.5 CVSS, 6.5 AI score, 0.04506 EPSS
Exploits 0, References 4
UbuntuCve
added 2016/12/19 12:0 a.m., 27 views

CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

6.5 CVSS, 6.6 AI score, 0.04506 EPSS
Exploits 0, References 3
FreeBSD
added 2016/12/19 12:0 a.m., 50 views

samba -- multiple vulnerabilities

Samba team reports: CVE-2016-2123 Authenticated users can supply malicious dnsRecord attributes on DNS objects and trigger a controlled memory corruption. CVE-2016-2125 Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which...

8.8 CVSS, 7.1 AI score, 0.08663 EPSS
Exploits 0, References 3
BDU FSTEC
added 2016/07/06 12:0 a.m., 1 views

A vulnerability in Samba software allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

A heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba allows remote domain controllers to execute arbitrary code by using an invalid fragment length in the DCE-RPC packet...

9.6 CVSS, 7.6 AI score, 0.0295 EPSS
Exploits 0, References 5, Affected Software 2
OPENSUSE Linux
added 2016/04/17 3:11 p.m., 60 views

Security update for samba (important)

samba was updated to version 4.2.4 to fix 14 security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111...

10 CVSS, 8.1 AI score, 0.90696 EPSS
Exploits 9, References 33
Tenable Nessus
added 2016/04/15 12:0 a.m., 56 views

SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)

"Samba was updated to the 4.2.x codestream, bringing some new features and security fixes (bsc#973832, FATE#320709). These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgrad...

7.5 CVSS, 6.7 AI score, 0.78522 EPSS
Exploits 1, References 35