13 matches found
Subsequent DCE/RPC fragment injection vulnerability
Description Samba implements DCE/RPC, and in most cases it is provided over and protected by the underlying SMB transport, with protections like 'SMB signing'. However there are other cases where large DCE/RPC request payloads are exchanged and fragmented into several pieces. If this happens over...
Samba AD DC did not correctly sandbox
Description Samba as an Active Directory Domain Controller is able to support an RODC, which is meant to have minimal privileges in a domain. However, in accepting a ticket from a Samba or Windows RODC, Samba was not confirming that the RODC is authorized to print such a ticket, via the...
Empty UDP packet DoS in Samba AD DC nbtd
Description The NetBIOS over TCP/IP name resolution protocol is implemented as a UDP datagram on port 137. The AD DC client and server-side processing code for NBT name resolution will enter a tight loop if a UDP packet with 0 data length is received. The client for this case is only found in the...
Use-after-free in Samba AD DC LDAP Server with ASQ
Description Samba has, since Samba 4.0, supported the Paged Results LDAP feature, to allow clients to obtain pages of search results against a Samba AD DC using an LDAP control. Since Samba 4.7.11 and 4.8.6 a Denial of Service prevention has been in place in this module, to age out old client...
[SECURITY] [DSA 4660-1] awl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4660-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 21, 2020 https://www.debian.org/security/faq -...
Replication of ACLs set to inherit down a
Description A newly delegated right, but more importantly the removal of a delegated right, would not be inherited on any DC other than the one where the change was made. For example: - if a user or group was previously delegated the right to create or modify a subtree say to allow desktop suppor...
Samba AD DC zone-named record Denial of
Description The poorly named dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used fo...
USN-2477-1: libevent vulnerability
Andrew Bartlett discovered that libevent incorrectly handled large inputs to the evbuffer API. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code...
libevent -- integer overflow in evbuffers
Debian Security Team reports: Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this fla...
CentOS Update for samba4 CESA-2014:0383 centos6
Check for the Version of samba4 OpenVAS Vulnerability Test CentOS Update for samba4 CESA-2014:0383 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
CentOS Update for libsmbclient CESA-2014:0330 centos6
Check for the Version of libsmbclient OpenVAS Vulnerability Test CentOS Update for libsmbclient CESA-2014:0330 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...
USN-2156-1: Samba vulnerability
Andrew Bartlett discovered that Samba did not properly enforce the password guessing protection mechanism for all interfaces. A remote attacker could use this issue to possibly attempt to brute force user passwords...
RHEL 6 : samba and samba3x (RHSA-2014:0330)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0330 advisory. Samba is an open-source implementation of the Server Message Block SMB or Common Internet File System CIFS protocol, which allows...