3 matches found
CVE-2019-14847
A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...
Samba Man in the Middle Security Bypass Vulnerability (Heimdal)
Samba is prone to a MITM authentication validation bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
"server signing = mandatory" not enforced
Description Due to a regression introduced in Samba 4.0.0, an explicit "server signing = mandatory" in the global section of the smb.conf was not enforced for clients using the SMB1 protocol. As a result it does not enforce smb signing and allows man in the middle attacks. This problem applies to...