15 matches found
CVE-2023-5568
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service...
Pulse Connect Secure Samba buffer overflow
Overview Pulse Connect Secure PCS gateway contains a buffer overflow vulnerability in Samba-related code that may allow an authenticated remote attacker to execute arbitrary code. Description CVE-2021-22908 PCS includes the ability to connect to Windows file shares SMB. This capability is provide...
[slackware-security] samba
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/samba-3.5.5-i486-1slack13.1.txz: Upgraded. This upgrade fixes a buffer overflow in th...
CVE-2010-3069
Stack-based buffer overflow in the 1 sidparse and 2 domsidparse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted Windows Security ID SID on a file share...
CVE-2007-4572
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests...
CVE-2007-2446
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving 1 DFSEnum netdfsiodfsEnumInfod, 2 RFNPCNEX smbionotifyoptiontypedata, 3 LsarAddPrivilegesToAccount...
CVE-2007-2446
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving 1 DFSEnum netdfsiodfsEnumInfod, 2 RFNPCNEX smbionotifyoptiontypedata, 3 LsarAddPrivilegesToAccount...
CVE-2004-0686
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors...
sambaPoC.txt
Hi, The following is a brief proof of concept exploit code for the vulnerability mentioned in "Evgeny Demidov" 's advisory: Samba 3.x swat preauthentication buffer overflow Running the perl script against a vulnerable SWAT server will cause: Program received signal SIGSEGV, Segmentation fault...
CVE-2003-0201
Buffer overflow in the calltrans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code...
Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow (2)
/ source: https://www.securityfocus.com/bid/7294/info A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt...
Samba 2.2.x - call_trans2open Remote Buffer Overflow (2)
Samba 2.2.x - calltrans2open Remote Buffer Overflow 2 / source: https://www.securityfocus.com/bid/7294/info A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, ...
CVE-2003-0085
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon smbd in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code...
[SECURITY] [DSA-200-1] Samba buffer overflow
Package : samba Problem type : remote exploit Debian-specific: no Steve Langasek found an exploitable bug in the password handling code in samba: when converting from DOS code-page to little endian UCS2 unicode a buffer length was not checked and a buffer could be overflowed. There is no known...
CVE-1999-0182
Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password...