9 matches found
Wide links protection broken
Description: Samba 4.17 introduced following symlinks in user space with the intent to properly check symlink targets to stay within the share that was configured by the administrator. The check does not properly cover a corner case, so that a user can create a symbolic link that will make smbd...
Samba 3.0.0 <= 3.0.1 Vulnerability (CVE-2004-0082)
mksmbpasswd shell script may create accounts with easily guessable passwords. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program i...
An authenticated user can crash the DCE/RPC DNS with
Description: Some DNS records such as MX and NS records usually contain data in the additional section. Samba's dnsserver RPC pipe (which is an administrative interface not used in the DNS server itself) made an error in handling the case where there are no records present: instead of noticing the...
Client code can return filenames containing
Description: Samba client code (libsmbclient) returns server-supplied filenames to calling code without checking for pathname separators such as "/" or "../" in the server returned names. A malicious server can craft a pathname containing separators and return this to client code, causing the client...
A Samba AD DC may provide authenticated users with
Description: In AD, Access Control Entries can be assigned based on the objectClass of the object. If a user or a group the user is a member of has any access based on the objectClass, then that user has write access to that object. Additionally, if a user has write access to any attribute on the...
"root" credential remote code execution.
Description: Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection. The code generator for Samba's remote procedure call (RPC) code contained an error which caused it to generate code...
Cross-Site Request Forgery in SWAT
Description: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT. In order to be...
Format string vulnerability in smbclient
Description: The smbclient utility in Samba 3.2.0 - 3.2.12 contains a format string vulnerability where commands dealing with file names treat user input as format strings to asprintf. An example is: smb: \ put aa%3Fbb putting file aa%3Fbb as \aa0,000000bb 0,0 kb/s average 0,0 kb/s As is obvious,...
Boundary failure in GETDC mailslot
Description: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect can only be exploited when the "domain logons" parameter has been enabled in smb.conf. Patch Availability: A patch addressing this defect has been posted to...