434 matches found
Multiple errors in DCE-RPC code.
Description: Versions of Samba from 3.6.0 to 4.4.0 inclusive are vulnerable to denial-of-service attacks (crashes and high CPU consumption) in the DCE-RPC client and server implementations. In addition, errors in validation of the DCE-RPC packets can lead to a downgrade of a secure connection to an...
Samba 4.4.x < 4.4.1 Multiple Vulnerabilities (Badlock)
Binary data 9233.prm...
SAMR and LSA man in the middle attacks possible
Description: The Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority Domain Policy Remote Protocol (MS-LSAD) are both vulnerable to man-in-the-middle attacks. Both are application-level protocols based on the generic DCE 1.1 Remote Procedure Call (DCERPC) protocol. These...
Windows 8.1 - DCOM DCE/RPC Local NTLM Reflection Privilege Escalation (MS15-076) Exploit
Exploit for windows platform in category local exploits Source: https://github.com/monoxgas/Trebuchet Trebuchet MS15-076 CVE-2015-2370 Privilege Escalation Copies a file to any privileged location on disk Compiled with VS2015, precompiled exe in Binary directory Usage: trebuchet.exe...
Microsoft Windows 8.1 - DCOM DCE/RPC Local NTLM Reflection Privilege Escalation (MS15-076)
Source: https://github.com/monoxgas/Trebuchet Trebuchet MS15-076 CVE-2015-2370 Privilege Escalation Copies a file to any privileged location on disk Compiled with VS2015, precompiled exe in Binary directory Usage: trebuchet.exe C:\Users\Bob\Evil.txt C:\Windows\System32\Evil.dll This is a lightly...
Microsoft Windows Remote Procedure Call Privilege Elevation Vulnerability (3067505)
This host is missing an important security update according to Microsoft Bulletin MS15-076. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2015-2370
CVE-2015-2370 involves an elevation-of-privilege flaw in Windows RPC/DCOM: the DCE/RPC reflection enables a local attacker to gain privileges via a crafted OBJREF, allowing a local user to trigger RPC auth relaying. Affected products span Windows Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2...
SUSE SLES11 Security Update : Samba (SUSE-SU-2014:0723-1)
This is a LTSS roll-up update for the Samba Server suite fixing multiple security issues and bugs. Security issues fixed : - CVE-2013-4496: Password lockout was not enforced for SAMR password changes, leading to brute force possibility. - CVE-2013-4408: DCE-RPC fragment length field is incorrectl...
Windows NTLM Weak Nonce Vulnerability
No description provided by source. Windows SMB NTLM Authentication Weak Nonce Vulnerability Security Advisory Hernan Ochoa [email protected] - Agustin Azubel [email protected] Title: Windows SMB NTLM Authentication Weak Nonce Vulnerability Advisory ID: OCHOA-2010-0209 Advisory UR...
Snort 2 DCE/RPC preprocessor Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
openSUSE Security Update : samba (openSUSE-SU-2013:1921-1)
" - Update to 4.1.3. + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408; bnc#844720. + pam_winbind login without require_membership_of restrictions; CVE-2012-6150; bnc#853347. - Make use of the full gpg pub key file name including the key ID. - Add transparent file compression...
openSUSE Security Update : samba (openSUSE-SU-2014:0405-1)
"Samba was updated to fix security issues and bugs. Security issues fixed: - Password lockout was not enforced for SAMR password changes; this allowed brute-force attacks on passwords (CVE-2013-4496; bnc#849224). - The DCE-RPC fragment length field is incorrectly checked, which could expose samba...
Samba buffer overflow
Buffer overflow on DCE-RPC packet parsing...
CentOS Update for samba4 CESA-2013:1805 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
RedHat Update for samba and samba3x RHSA-2013:1806-01
Check for the Version of samba and samba3x OpenVAS Vulnerability Test RedHat Update for samba and samba3x RHSA-2013:1806-01 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Ubuntu Update for samba USN-2054-1
Check for the Version of samba OpenVAS Vulnerability Test $Id: gbubuntuUSN20541.nasl 8672 2018-02-05 16:39:18Z teissa $ Ubuntu Update for samba USN-2054-1 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...
Ubuntu: Security Advisory (USN-2054-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
RedHat Update for samba4 RHSA-2013:1805-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for libsmbclient CESA-2013:1806 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated samba package fixes multiple vulnerabilities
Updated samba packages fix security vulnerabilities: Samba before 3.6.22 incorrectly allows login from authenticated users if the require_membership_of parameter of pam_winbind specifies only invalid group names (CVE-2012-6150). It was discovered that multiple buffer overflows in the processing of...