MiracleLinux 7 : samba-4.10.16-9.0.1.el7.AXS7 (AXSA:2020-1012:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-1012:06 advisory. samba: Netlogon elevation of privilege vulnerability Zerologon CVE-2020-1472 samba: Missing handle permissions check in SMB1/2/3 ChangeNotify...

samba: Missing handle permissions check in SMB1/2/3 ChangeNotify

A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality...

CVE-2020-18170

An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions...

samba: Missing handle permissions check in SMB1/2/3 ChangeNotify

A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality...

samba: Missing handle permissions check in SMB1/2/3 ChangeNotify

A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality...

USN-4931-1 samba vulnerabilities

Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. CVE-2020-14318 Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use th...

samba: Missing handle permissions check in SMB1/2/3 ChangeNotify

A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality...

Information Disclosure

samba is vulnerable to information disclosure. A missing permissions check on a directory handle requesting ChangeNotify meant that a client with a directory handle open only for FILEREADATTRIBUTES minimal access rights could be used to obtain change notify replies from the server. These replies...

CVE-2020-9331

CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation by local users with the SeChangeNotifyPrivilege right because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space...