Azure Linux 3.0 Security Update: samba (CVE-2019-3870)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-3870 advisory. - A vulnerability was found in Samba from version including 4.9 to versions before 4.9.6 and 4.10.2. During the...

Azure Linux 3.0 Security Update: samba (CVE-2020-25718)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-25718 advisory. - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC...

PT-2024-40387 · Silverstripe · Silverstripe/Taxonomy Module

Name of the Vulnerable Software and Affected Versions: silverstripe/taxonomy module affected versions not specified Description: The issue is related to SQL injection in the silverstripe/taxonomy module. It specifically affects the TaxonomyDirectoryController controller, which is disabled by...

SUSE CVE-2023-42669

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...

USN-5993-1 samba vulnerabilities

Demi Marie Obenour discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information. CVE-2023-0614 Andrew Bartlett discovered that the Samba AD DC admin tool...

SUSE CVE-2018-16857

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords to restrict brute forcing of passwords in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been...

SUSE CVE-2019-14861

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the poorly named dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default...

OESA-2022-1735 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: MaxQueryDuration not honoured in Samba AD DC LDAPCVE-2021-3670...

USN-3738-1 samba vulnerabilities

Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-10858 Volker Mauel discovered that Samba...

UBUNTU-CVE-2018-1140

A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable...