29 matches found
Security Bulletin: SMB signing not required in IBM Spectrum Protect Plus (CVE-2016-2115)
Summary IBM Spectrum Protect Plus is vulnerable to man-in-the-middle attacks as it does not make SMB signing mandatory. Vulnerability Details CVEID: CVE-2016-2115 DESCRIPTION: Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC...
Design/Logic Flaw
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...
CVE-2016-2111
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...
Design/Logic Flaw
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL...
CVE-2015-5299
The shadowcopy2getshadowcopydata function in modules/vfsshadowcopy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORYLIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy...
CVE-2015-0240
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets...
Mandriva Linux Security Advisory : samba (MDVSA-2013:278)
A vulnerability has been found and corrected in samba : Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfsstreamsdepot or vfsstreamsxattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an...
Samba read_nttrans_ea_list Integer Overflow
Integer overflow in the readnttransealist function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service memory consumption via a malformed packet. Important Note: in order to work, the "ea support" option o...
CVE-2013-4124
CVE-2013-4124 (Samba) is an integer overflow in read_nttrans_ea_list (nttrans.c) that can be triggered by a malformed EA list, potentially leading to memory consumption DoS. Affected are Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8. The initial entry specifies the vulnerabil...
CVE-2013-4124
Integer overflow in the readnttransealist function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service memory consumption via a malformed packet...
CVE-2013-0213
The Samba Web Administration Tool SWAT in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a 1 FRAME or 2 IFRAME element...
Input validation
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call...
CVE-2012-1182
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call...
FreeBSD Ports: samba34
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2011-2694
Cross-site scripting XSS vulnerability in the chgpasswd function in web/swat.c in the Samba Web Administration Tool SWAT in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program aka the user field...
CVE-2011-2522
Multiple cross-site request forgery CSRF vulnerabilities in the Samba Web Administration Tool SWAT in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that 1 shut down daemons, 2 start daemons, 3 add shares, 4 remove shares, 5 add printers...
CVE-2011-2694
Cross-site scripting XSS vulnerability in the chgpasswd function in web/swat.c in the Samba Web Administration Tool SWAT in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program aka the user field...
Samba 3.x < 3.3.15 / 3.4.12 / 3.5.7 'FD_SET' Memory Corruption
According to its banner, the version of Samba 3.x running on the remote host is earlier than 3.3.15 / 3.4.12 / 3.5.7. An error exists in the range checks on file descriptors in the 'FDSET' macro that allows stack corruption. This corruption can cause Samba to crash or to continually try selecting...
CVE-2011-0719
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FDSET macro, which allows remote attackers to cause a denial of service stack memory corruption, and infinite loop or daemon crash by opening a large number of...
Memory corruption
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FDSET macro, which allows remote attackers to cause a denial of service stack memory corruption, and infinite loop or daemon crash by opening a large number of...