158 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-3738
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However, while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at, and this might allow more privileged access.
Fedora: Security Advisory (FEDORA-2023-8892fc09e9)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only
Malicious code in EfLосаlDb (NuGet)
OPENSUSE-SU-2024:10074-1 ldb-tools-1.1.27-1.1 on GA media
These are all security issues fixed in the ldb-tools-1.1.27-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12241-1 ldb-tools-2.5.2-1.1 on GA media
These are all security issues fixed in the ldb-tools-2.5.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11882-1 ldb-tools-2.4.2-1.1 on GA media
These are all security issues fixed in the ldb-tools-2.4.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12830-1 ldb-tools-2.7.2-1.1 on GA media
These are all security issues fixed in the ldb-tools-2.7.2-1.1 package on the GA media of openSUSE Tumbleweed...
openSUSE: Security Advisory for ldb, samba (SUSE-SU-2022:2586-2)
The remote host is missing an update for the...
Synology RT6600ax Qualcomm LDB Service Improper Input Validation Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Qualcomm LDB service. The issue results from the lack of proper...
Amazon Linux 2023 : ldb-tools, libldb, libldb-devel (ALAS2023-2023-187)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-187 advisory. Access controlled AD LDAP attributes can be discovered (CVE-2023-0614). Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not...
Malicious code in @leanmull/ldb-decryptor (npm)
Source: ghsa-malware (6d4e66532be866fa2974fbd1653c75fa4bec095ad78503c70b153fb75c8445a0). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Mageia: Security Advisory (MGASA-2023-0127)
The remote host is missing an update for the...
USN-5992-1 ldb vulnerability
Demi Marie Obenour discovered that ldb, when used with Samba, incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information...
SUSE: Security Advisory (SUSE-SU-2023:1687-1)
The remote host is missing an update for the...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ldb, samba (SUSE-SU-2023:1689-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1689-1 advisory. - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can acce...
SUSE SLES15 Security Update : ldb, samba (SUSE-SU-2023:1687-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1687-1 advisory. - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a...
SUSE-SU-2023:1689-1 Security update for ldb, samba
This update for ldb, samba fixes the following issues: ldb: - CVE-2022-32746: Fixed a use-after-free issue in the database audit logging module (bsc#1201490). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270, bsc#1209485). samba: - CVE-2023-0922: Fixed cleartext...
SUSE-SU-2023:1687-1 Security update for ldb, samba
This update for ldb, samba fixes the following issues: ldb: - CVE-2022-32746: Fixed a use-after-free issue in the database audit logging module (bsc#1201490). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270, bsc#1209485). samba: - CVE-2023-0922: Fixed cleartext...
SUSE CVE-2008-3789
Samba 3.2.0 uses weak permissions (0666) for the (1) groupmapping.tdb and (2) groupmapping.ldb files, which allows local users to modify the membership of Unix groups...