38 matches found
Astra Linux – Vulnerability in Samba
The fixes in 4.6.16, 4.7.9, 4.8.4, and 4.9.7 for CVE-2018-10919, which address the issue of confidential attributes being disclosed via LDAP filters, were insufficient. An attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...
EUVD-2023-12649
Malicious code in bioql PyPI...
The fix in 4.6.16 4.7.9 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
...
Huawei EulerOS: Security Advisory for libldb (EulerOS-SA-2023-2727)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libldb (EulerOS-SA-2023-2758)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libldb (EulerOS-SA-2023-2650)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 36 : libldb / samba (2023-1c172e3264)
The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-1c172e3264 advisory. Update to ldb 2.5.3 and samba 4.16.10 Security fixes for CVE-2023-0922, CVE-2023-0614 Tenable has extracted the preceding description block directly...
Design/Logic Flaw
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...
CVE-2023-0614
CVE-2023-0614 affects Samba’s AD DC LDAP server, where incomplete remediation in the fixes for CVE-2018-10919 left the system vulnerable to confidential attribute disclosure via LDAP filters. Public details in connected documents show that Samba versions prior to 4.6.16, 4.7.9, and 4.8.4 remain a...
SUSE SLES15 Security Update : ldb, samba (SUSE-SU-2023:1687-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1687-1 advisory. - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a...
Debian: Security Advisory (DLA-1539-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:2318-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:3161-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2019-2484)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i
Summary Samba is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-10918 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a NULL pointer dereference when checking database outputs from the LDB database layer. If Samba is in an...
EulerOS 2.0 SP2 : samba (EulerOS-SA-2019-2484)
According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated...
Security Bulletin: Multiple Samba vulnerabilities affect IBM Spectrum Protect Plus (CVE-2018-1139, CVE-2018-1140, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919)
Summary There are multiple security vulnerabilities in Samba that affect IBM Spectrum Protect Plus. These vulnerabilities may result in potential information disclosure, denial of service, or execution of arbitrary code on the system. Vulnerability Details CVEID: CVE-2018-1139 DESCRIPTION: Samba...
Fedora 28 : 2:samba / libldb (2018-bc22d6c7bc)
Update to Samba 4.8.4, Security fix for CVE-2018-1139, CVE-2018-1140, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2018:2318-1)
This update for samba fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; bsc1095048 - CVE-2018-1140: ldbsearch 'distinguishedName=abc' and DNS query with escapes crashes; bsc1095056 - CVE-2018-10919:...
Updated samba packages fix security vulnerabilities
Updated samba packages fix security vulnerabilities: A malicious server could return a directory entry that could corrupt libsmbclient memory CVE-2018-10858. Missing access control checks allow discovery of confidential attribute values via authenticated LDAP search expressions CVE-2018-10919. Th...