22 matches found
CVE-2026-3238 Samba: denial of service against ad dc wins server
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...
CVE-2026-3238
Denial of service against AD DC WINS server...
Astra Linux - vulnerability in samba
A vulnerability was discovered in Samba’s “rpcecho” development server, a non-Windows RPC server used to test Samba’s DCE/RPC stack components. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the “rpcecho” service operates with only one...
CLSA-2025-1765285897 Fix CVE(s): CVE-2021-3738
SECURITY UPDATE: use after free in Samba AD DC RPC server - debian/patches/CVE-2021-3738-pre.patch: prepare service routines before fixing CVE-2021-3738 - debian/patches/CVE-2021-3738.patch: avoids a crash caused by use-after-free in Samba AD DC RPC server - CVE-2021-3738.patch...
Debian DSA-5015-1 : samba - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5015 advisory. Andrew Bartlett discovered that Samba, a SMB/CIFS file, print, and login server for Unix, may map domain users to local users in an undesired way. This could allo...
samba: "rpcecho" development server allows denial of service via sleep() call on AD DC
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...
Design/Logic Flaw
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes for example,...
K15642: Samba vulnerability CVE-2013-4476
Security Advisory Description Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local...
SUSE CVE-2018-16860
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name...
SUSE CVE-2019-14907
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP...
OESA-2021-1461 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A flaw was discovered in the way samba implements SMB1 authentication. Even if Kerberos authentication is required, an attacker can use this flaw to retrieve the clear text password sent over the...
DEBIAN-CVE-2019-14861
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the poorly named dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default...
UBUNTU-CVE-2018-16860
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name...
ALPINE-CVE-2018-16853
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore t...
Design/Logic Flaw
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets...
CVE-2015-7540
Samba CVE-2015-7540 affects the LDAP server in the AD DC of Samba 4.x prior to 4.1.22, where return values aren’t checked during ASN.1 memory allocation. This allows remote attackers to cause a denial of service through crafted packets that exhaust memory and crash the daemon. Remediation is to u...
Post Windows Gather NTDS.DIT Location
This module will find the location of the NTDS.DIT file from the Registry, check that it exists, and display its location on the screen, which is useful if you wish to manually acquire the file using ntdsutil or vss. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2013-4408
Samba vulnerability CVE-2013-4408: A heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function (librpc/rpc/dcerpc_util.c) in winbindd allows remote code execution via an invalid fragment length in a DCE-RPC packet. Affected releases: Samba 3.x before 3.6.22, 4.0.x before 4.0.13, an...
CVE-2013-4476
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controll...
Design/Logic Flaw
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controll...