30 matches found
CVE-2026-3238
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...
EUVD-2018-8651
Malware in sbrugna...
EUVD-2014-7986
Malware in sbrugna...
EUVD-2019-5959
Malware in sbrugna...
AD CS Certificate Template Management
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Name: AD CS Certificate Template Management. Description: This module can create, read, update, and delete AD CS certificate templates from a...
Amazon Linux 2022 : samba (ALAS2022-2022-224)
The version of samba installed on the remote host is prior to 4.16.2-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-224 advisory. - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the...
Buffer overflow in Heimdal unwrap_des3()
Description The DES for Samba 4.11 and earlier and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a maliciously small packet. Examples of where Samba can use GSSAPI include the client and...
Slackware: Security Advisory (SSA:2015-020-01)
The remote host is missing an update for the...
CVE-2020-36160
An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories...
Design/Logic Flaw
An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, whi...
CVE-2020-36160
An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories...
EulerOS Virtualization for ARM 64 3.0.6.0 : samba (EulerOS-SA-2020-2012)
According to the version of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests ...
EulerOS 2.0 SP8 : samba (EulerOS-SA-2020-1882)
According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory...
USN-4454-2 samba vulnerability
USN-4454-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as an AD DC NBT...
CVE-2019-14833
A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...
EulerOS 2.0 SP8 : samba (EulerOS-SA-2019-1780)
According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A double-free was found when Samba's KDC is used as an Active Directory Domain Controller. An authenticated attacker could use this flaw to cause a...
CVE-2018-16851
A null pointer dereference was found in the way LDAP search was implemented when Samba is used as an Active Directory Domain Controller. A remote, authenticated attacker could use this flaw to cause a denial of service (application crash)...
CVE-2018-1140
A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a Samba server used as an Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable...
CVE-2018-1140
CVE-2018-1140 describes a null pointer dereference in Samba when operating as an Active Directory Domain Controller, caused by insufficient validation of DNS requests. The vulnerability allows a remote attacker to crash the Samba AD DC, yielding a Denial of Service. Affected software: Samba (AD D...
CVE-2018-1140
A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a Samba server used as an Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable...