EulerOS Virtualization 2.11.0 : samba (EulerOS-SA-2024-1436)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when...

EulerOS Virtualization 2.11.1 : samba (EulerOS-SA-2024-1408)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when...

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

CVE-2023-4154

Samba CVE-2023-4154 describes a DirSync control flaw that exposes domain passwords/secrets to privileged users and RODCs, allowing access to all attributes (including krbtgt) and potentially bypassing the RODC/DC boundary. Exploitation is indicated as network-exploitable with low privileges and n...

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

Slackware: Security Advisory (SSA:2023-284-03)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] samba

New samba packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/samba-4.18.8-i586-1slack15.0.txz: Upgraded. This is a security release in order to address the following defects: Unsanitized pipe name...

Slackware Linux 15.0 / current samba Multiple Vulnerabilities (SSA:2023-284-03)

The version of samba installed on the remote host is prior to 4.18.8 / 4.19.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-284-03 advisory. - The SMB 1/2/3 protocols allow clients to connect to named pipes via the IPC$ Inter-Process Communication share for...

Samba AD DC password exposure to privileged

Description In normal operation, passwords and most secrets are never disclosed over LDAP in Active Directory. However, due to a design flaw in Samba's implementation of the DirSync control, Active Directory accounts authorized to do some replication, but not to replicate sensitive attributes, ca...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Samba vulnerabilities (USN-6425-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6425-1 advisory. Sri Nagasubramanian discovered that the Samba aclxattr VFS module incorrectly handled read-only files. When Samba is configured to...

GLSA-202309-06 : Samba: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202309-06 Samba: Multiple Vulnerabilities - Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a...

K21312421: Samba vulnerabilities CVE-2020-25718 and CVE-2021-23192

Security Advisory Description CVE-2020-25718 A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC read-only domain controller. This would allow an RODC to print administrator tickets. CVE-2021-23192 A flaw was found in the way samba implemented...

Samba AD users can forge password change requests for

Description Tickets received by the kpasswd service were decrypted without specifying that only that service's own keys should be tried. By setting the ticket's server name to a principal associated with their own account, or by exploiting a fallback where known keys would be tried until a suitab...

SUSE: Security Advisory (SUSE-SU-2022:2307-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1311)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over t...

EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1295)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over t...

EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1246)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over t...

CVE-2020-25718

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC read-only domain controller. This would allow an RODC to print administrator tickets...

CVE-2020-25718

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC read-only domain controller. This would allow an RODC to print administrator tickets...

Design/Logic Flaw

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC read-only domain controller. This would allow an RODC to print administrator tickets...