9 matches found
Information leak via symlinks of existance of
Description All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this atta...
Insufficient input validation on client directory
Description Samba releases 3.2.0 to 4.8.3 inclusive contain an error in libsmbclient that could allow a malicious server to overwrite client heap memory by returning an extra long filename in a directory listing. Patch Availability Patches addressing this issue have been posted to:...
CentOS 7 : samba (CESA-2017:2790)
An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
ctdb, libsmbclient, libwbclient, samba security update
CentOS Errata and Security Advisory CESA-2017:2790 An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Denial of service in Samba Active Directory
Description All versions of Samba from 4.0.0 to 4.3.2 inclusive resp. all ldb versions up to 1.1.23 inclusive are vulnerable to a denial of service attack in the samba daemon LDAP server. A malicious client can send packets that cause the LDAP server in the samba daemon process to become...
Denial of service - Server crash/memory corruption
Description All current released versions of Samba are vulnerable to a denial of service on the smbd file server daemon. Valid unicode path names stored on disk can cause smbd to crash if an authenticated client attempts to read them using a non-unicode request. The crash is caused by memory bein...
Denial of service - CPU loop
Description All current released versions of Samba are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service. This flaw is not exploitable beyond causing the code to loo...
Memory leak/Denial of service.
Description Samba versions 3.6.0 to 3.6.2 inclusive are vulnerable to a memory leak that can cause a server denial of service. The Samba smbd daemon that listens for incoming connections leaks a small amount of memory on every connection attempt. Although this is a small leak, it happens on every...
Uninitialized read of a data value
Description The smbd daemon in Samba 3.0.31 - 3.3.5 contains an uninitialized read of a data value that can potentially affect access control. If a user is trying to modify an access control list ACL and is denied permission, this deny may be overridden if the parameter "dos filemode" is set to...