434 matches found
CVE-2021-3738
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However, while the database was correctly shared, the user credentials state was only...
CVE-2021-23192
A flaw was found in the way Samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...
CVE-2021-23192
CVE-2021-23192 describes a vulnerability in Samba where a client sending a very large DCE/RPC request and fragmenting it can have later fragments replaced with attacker data, bypassing signature requirements. Concrete details in connected documents show affected software (Samba) and the root caus...
CVE-2021-3738
CVE-2021-3738 affects Samba’s AD DC RPC server where memory could be freed in a sub-connection, leaving a stale struct session_info. Impact described as potential crash with a use-after-free that could allow higher-privilege state to be referenced. Affected context appears in Samba advisories and...
Mageia: Security Advisory (MGASA-2013-0369)
The remote host is missing an update for the...
Important: Red Hat Security Advisory: samba security update
An update for samba is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
RHEL 8 : samba (RHSA-2022:0008)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0008 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
CentOS 8 : samba (CESA-2021:5082)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:5082 advisory. - samba: SMB1 client connections can be downgraded to plaintext authentication (CVE-2016-2124) - samba: Active Directory (AD) domain user could become root...
Oracle Linux 8 : samba (ELSA-2021-5082)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-5082 advisory. - related: rhbz2021171 - Fix CVE-2020-25717 - related: rhbz2021171 - Fix CVE-2020-25717 Tenable has extracted the preceding description block directly...
samba security update
An update is available for samba. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Samba is an open-source implementation of the Server Message Block (SMB) protocol...
Important: samba security update
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Active Directory (AD) domain user could become root...
RLSA-2021:5082 Important: samba security update
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Active Directory (AD) domain user could become root...
RHEL 8 : samba (RHSA-2021:5082)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5082 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
RHEL 8 : samba (RHSA-2021:4843)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4843 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
Important: Red Hat Security Advisory: samba security update
An update for samba is now available for Red Hat Gluster Storage 3.5 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Ubuntu: Security Advisory (USN-5142-1)
The remote host is missing an update for the...
Samba Input Validation Error Vulnerability (CNVD-2021-87030)
Samba is the standard Windows interoperability suite for Linux and Unix. Samba is vulnerable to an input validation error, which stems from a flaw found in the way Samba implements DCE/RPC. If a client of the Samba server sends a very large DCE/RPC request and chooses to segment it, an attacker...
USN-5142-1 samba vulnerabilities
Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. (CVE-2016-2124) Andrew Bartlett discovered that Samba incorrectly mapped domain users to local users. An...
Samba 4.10.0 < 4.13.14, 4.14.0 < 4.14.10, 4.15.0 < 4.15.2 DCE/RPC Fragment Injection Vulnerability
Samba is prone to a DCE/RPC fragment injection vulnerability.