SUSE: Security Advisory for samba (SUSE-SU-2016:1022-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SMB client connections for IPC traffic are not integrity protected

Description Samba has an option called "client signing", this is turned off by default for performance reasons on file transfers. This option is also used when using DCERPC with ncacnnp. In order to get integrity protection for ipc related communication by default the "client ipc signing" option ...

Moderate: Red Hat Bug Fix Advisory: samba bug fix and enhancement update

Updated samba packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines...

openSUSE Security Update : samba (openSUSE-SU-2012:0507-1)

" - Add the ldapsmb sources as else patches against them have no chance to apply. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the 'root' user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; bso8815...

openSUSE Security Update : samba (openSUSE-SU-2014:0404-1)

"Samba was updated to 4.1.6, fixing bugs and security issues : - Password lockout not enforced for SAMR password changes, this allowed brute forcing of passwords; CVE-2013-4496; bnc849224. - smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442; bnc855866. Also the following bugs...

openSUSE Security Update : ldapsmb (openSUSE-SU-2010:0653-1)

A buffer overflow in the sidparse function of samba could potentially be exploited by remote attackers to execute arbitrary code CVE-2010-3069. Additionally the update also contains fixes for the following non-security issues : bnc567013 - Failed to join ADS Domain bnc573246 - mounted shares via...

samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

CentOS Update for libsmbclient CESA-2013:1806 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

DCE-RPC fragment length field is incorrectly checked.

Description Samba versions 3.4.0 and above versions 3.4.0 - 3.4.17, 3.5.0 - 3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2 are vulnerable to buffer overrun exploits in the client processing of DCE-RPC packets. This is due to incorrect checking of the DCE-RPC fragment length in the...

UBUNTU-CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

samba4 security update

4.0.0-60.rc4 - resolves: 1018039 - Fix CVE-2013-4408. 4.0.0-59.rc4 - Fix usage of client min/max protocol options in winbindd - related: 949993...

SuSE 11.2 Security Update : Samba (SAT Patch Number 6145)

"The following issues have been fixed in Samba : - PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size. CVE-2012-1182 - Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions. CVE-2012-0870 - Fix...

SuSE 11 / 11.1 Security Update : Samba (SAT Patch Numbers 3099 / 3100)

A buffer overflow in the sidparse function of samba could potentially be exploited by remote attackers to execute arbitrary code. CVE-2010-3069 Additionally the update also contains fixes for the following non-security issues : - Failed to join ADS Domain. bnc567013 - Samba 3.0 / 3.2 doesn't work...

SuSE9 Security Update : Samba (YOU Patch Number 12644)

A buffer overflow in the sidparse function of samba could potentially be exploited by remote attackers to execute arbitrary code. CVE-2010-3069 Additionally the update also contains fixes for the following non-security issues : - bnc567013 - Failed to join ADS Domain - bnc592198 - Samba 3.0 / 3.2...

openSUSE Security Update : cifs-mount (openSUSE-SU-2010:0658-1)

A buffer overflow in the sidparse function of samba could potentially be exploited by remote attackers to execute arbitrary code CVE-2010-3069. Additionally the update also contains fixes for the following non-security issues: bnc567013 - Failed to join ADS Domain bnc592198 - Samba 3.0 / 3.2...