45 matches found
EUVD-2017-2255
Malware in sbrugna...
A journey into forgotten Null Session and MS-RPC interfaces, part 2
In the first part of our research, I demonstrated how we revived the concept of no authentication null session after many years. This involved enumerating domain information, such as users, without authentication. I walked you through the entire process, starting with the difference between no-au...
NewStart CGSL MAIN 6.02 : samba Multiple Vulnerabilities (NS-SA-2024-0054)
The remote NewStart CGSL host, running version MAIN 6.02, has samba packages installed that are affected by multiple vulnerabilities: - Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted...
A journey into forgotten Null Session and MS-RPC interfaces
A journey into forgotten Null Session and MS-RPC interfaces It has been almost 24 years since the null session vulnerability was discovered. Back then, it was possible to access SMB named pipes using empty credentials and collect domain information. Most often, attackers leveraged null sessio...
An Overview of MS-RPC and Its Security Mechanisms
MS-RPC is a widely used protocol, but not much security research is done on it. In this blog, see an overview of MS-RPC and their security mechanisms...
Juniper Junos SRX Flowd Crash Vulnerability (JSA10811)
According to its self-reported version number, the remote Junos device is affected by a vulnerability where one or more ALGs enabled may cause a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(104033);...
Design/Logic Flaw
Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target...
CVE-2017-10608
Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target...
CVE-2017-10608 SRX series: Junos OS: SRX series using IPv6 Sun/MS-RPC ALGs may experience flowd crash on processing packets.
Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target...
Ubuntu Update for samba vulnerabilities USN-460-1
Ubuntu Update for Linux kernel vulnerabilities USN-460-1 OpenVAS Vulnerability Test $Id: gb_ubuntu_USN_460_1.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for samba vulnerabilities USN-460-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Security Best Practice: Protect Yourself from MS-RPC and DCE-RPC Vulnerabilities
DCE/RPC stands for "Distributed Computing Environment / Remote Procedure Calls". It is a Remote Procedure Call system that allows software to work across multiple computers, as if it were all working on the same computer. This system allows programmers to write distributed software without having...
openSUSE 10 Security Update : samba (samba-3350)
Specially crafted MS-RPC packets could overwrite heap memory and therefore could potentially be exploited to execute code CVE-2007-2446. Authenticated users could leverage specially crafted MS-RPC packets to pass arguments unfiltered to /bin/sh CVE-2007-2447. A bug in the local SID/Name translatio...
openSUSE 10 Security Update : samba (samba-3349)
Specially crafted MS-RPC packets could overwrite heap memory and therefore could potentially be exploited to execute code CVE-2007-2446. Authenticated users could leverage specially crafted MS-RPC packets to pass arguments unfiltered to /bin/sh CVE-2007-2447. #%NASL_MIN_LEVEL 70300 (C) Tenable Network...
Non Compliant MS-RPC
...
Unauthenticated DCOM SystemActivation/RemoteActivation traffic (CVE-2003-0352; CVE-2003-0605; CVE-2003-0715)
There are several known and widely exploited vulnerabilities through the use of DCOM over MS-RPC. There are cases in which certain traffic, although not intended for malicious use, is very unsafe, since it may transfer shellcode which is undetectable by IPS...
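The two entries above ("An Overview of MS-RPC and Its Security Mechanisms" and the unauthenticated DCOM activation signature) both come down to one thing on the wire: whether a DCE/RPC bind PDU carries a security trailer, and at what authentication level. The following parser is an added example written for this listing; it is not code from either blog post, from the IPS vendor, or from any of the advisories, and it assumes a little-endian data representation and a single-fragment bind as laid out in the DCE 1.1 RPC specification (C706). The IRemoteActivation and ISystemActivator interface UUIDs are the ones published in MS-DCOM; the sample PDUs are constructed inside the file.

```python
"""Parse a DCE/RPC (MS-RPC) bind PDU and inspect its security trailer.

Added example, not taken from any listed article or advisory. Layout follows
the C706 connection-oriented bind PDU (little-endian drep assumed). The sample
PDUs below are constructed here, not captured traffic.
"""
import struct
import uuid

PTYPE_BIND = 11
NDR_TRANSFER_SYNTAX = (uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860"), 2)

# Security-trailer values from C706 / MS-RPCE.
AUTH_TYPES = {0: "NONE", 9: "SPNEGO", 10: "NTLMSSP", 16: "KERBEROS"}
AUTH_LEVELS = {1: "NONE", 2: "CONNECT", 3: "CALL", 4: "PKT",
               5: "PKT_INTEGRITY", 6: "PKT_PRIVACY"}

# DCOM activation interfaces (MS-DCOM); the targets of the 2003 RPC/DCOM bugs.
IREMOTEACTIVATION = uuid.UUID("4d9f4ab8-7d1c-11cf-861e-0020af6e7c57")
ISYSTEMACTIVATOR = uuid.UUID("000001a0-0000-0000-c000-000000000046")
DCOM_ACTIVATION_IFACES = {IREMOTEACTIVATION: "IRemoteActivation",
                          ISYSTEMACTIVATOR: "ISystemActivator"}


def build_bind(abstract, version, call_id=1, auth=None):
    """Build a one-context bind PDU. auth=(auth_type, auth_level, token) adds a sec_trailer."""
    ctx = struct.pack("<HBx", 0, 1) + abstract.bytes_le + struct.pack("<I", version)
    ts_uuid, ts_ver = NDR_TRANSFER_SYNTAX
    ctx += ts_uuid.bytes_le + struct.pack("<I", ts_ver)
    # max_xmit_frag, max_recv_frag, assoc_group_id, n_context_elem + 3 reserved bytes
    body = struct.pack("<HHIBxxx", 4280, 4280, 0, 1) + ctx
    trailer, auth_len = b"", 0
    if auth is not None:
        atype, alevel, token = auth
        pad = (-len(body)) % 4            # sec_trailer must start 4-byte aligned
        body += b"\x00" * pad
        trailer = struct.pack("<BBBBI", atype, alevel, pad, 0, 0) + token
        auth_len = len(token)
    frag_len = 16 + len(body) + len(trailer)
    header = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 0x03,
                         b"\x10\x00\x00\x00", frag_len, auth_len, call_id)
    return header + body + trailer


def parse_bind(pdu):
    """Return call_id, presentation contexts and the security trailer (None if absent)."""
    if len(pdu) < 16:
        raise ValueError("PDU shorter than the 16-byte common header")
    ver, _minor, ptype, _flags, drep, frag_len, auth_len, call_id = \
        struct.unpack_from("<BBBB4sHHI", pdu, 0)
    if ver != 5 or ptype != PTYPE_BIND:
        raise ValueError("not a DCE/RPC v5 bind PDU")
    if not drep[0] & 0x10:
        raise ValueError("only little-endian data representation is handled")
    if frag_len != len(pdu):
        raise ValueError("frag_length does not match PDU size")
    n_ctx, off, contexts = pdu[24], 28, []
    for _ in range(n_ctx):
        ctx_id, n_ts = struct.unpack_from("<HBx", pdu, off)
        off += 4
        abstract = (uuid.UUID(bytes_le=pdu[off:off + 16]),
                    struct.unpack_from("<I", pdu, off + 16)[0])
        off += 20
        syntaxes = []
        for _ in range(n_ts):
            syntaxes.append((uuid.UUID(bytes_le=pdu[off:off + 16]),
                             struct.unpack_from("<I", pdu, off + 16)[0]))
            off += 20
        contexts.append({"id": ctx_id, "abstract": abstract, "transfer": syntaxes})
    auth = None
    if auth_len:
        trailer_off = frag_len - auth_len - 8    # sec_trailer is 8 bytes + auth_value
        if trailer_off < off:
            raise ValueError("auth trailer overlaps the bind body")
        atype, alevel, pad, _rsv, actx = struct.unpack_from("<BBBBI", pdu, trailer_off)
        if trailer_off - pad < off:
            raise ValueError("auth_pad_length overlaps the bind body")
        auth = {"type": AUTH_TYPES.get(atype, atype), "level": AUTH_LEVELS.get(alevel, alevel),
                "context_id": actx, "token": pdu[trailer_off + 8:]}
    return {"call_id": call_id, "contexts": contexts, "auth": auth}


def unauthenticated_dcom_activation(info):
    """Names of DCOM activation interfaces bound with no security trailer at all.

    This is the shape an IPS signature for unauthenticated RemoteActivation
    traffic matches: auth_length == 0, so no NTLM/Kerberos is negotiated."""
    if info["auth"] is not None:
        return []
    return [DCOM_ACTIVATION_IFACES[c["abstract"][0]]
            for c in info["contexts"] if c["abstract"][0] in DCOM_ACTIVATION_IFACES]


if __name__ == "__main__":
    for pdu in (build_bind(IREMOTEACTIVATION, 0),
                build_bind(ISYSTEMACTIVATOR, 0, auth=(10, 6, b"NTLMSSP\x00\x01\x00\x00\x00"))):
        info = parse_bind(pdu)
        print(info["auth"], unauthenticated_dcom_activation(info))
```

The second constructed PDU carries an NTLMSSP trailer at PKT_PRIVACY, so it is not flagged; note that a trailer at level CONNECT would also pass this check even though it gives no per-packet integrity, which is why a detection engineer should also report the level rather than only the presence of a trailer.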
Design/Logic Flaw
Rejected reason: The MS-RPC functionality in smbd in Samba 3 on SUSE Linux before 20070720 does not include "one character in the shell escape handling." NOTE: this issue was originally characterized as a shell metacharacter issue due to an incomplete fix for CVE-2007-2447, which was interpreted ...
CVE-2007-4044
CVE-2007-4044 entry is rejected/not used and does not represent an active vulnerability.
FreeBSD : samba -- multiple vulnerabilities (3546a833-03ea-11dc-a51d-0019b95d4f14)
The Samba Team reports : A bug in the local SID/Name translation routines may potentially result in a user being able to issue SMB/CIFS protocol operations as root. When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal...
Debian DSA-1291-1 : samba - several vulnerabilities
Several issues have been identified in Samba, the SMB/CIFS file- and print-server implementation for GNU/Linux. - CVE-2007-2444 When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a...
Mandrake Linux Security Advisory : samba (MDKSA-2007:104-1)
A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server CVE-2007-2446. A remote...