31 matches found
SMB2 packet signing not enforced
Description SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. SMB2 packet signing is a mechanism that ensures the integrity and authenticity of data exchanged between a clien...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Samba security announcement CVE-2022-42898 and...
samba -- Multiple vulnerabilities
The Samba Team reports: CVE-2022-2031 The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services. CVE-2022-32744 The KDC...
Information leak via symlinks of existence of
Description All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this atta...
samba -- negative idmap cache entries vulnerability
The Samba Team reports: CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token...
Out of bounds read in AD DC LDAP server
Description A string in an LDAP attribute that contains multiple consecutive leading spaces can lead to a memmove of out of bounds memory in ldb_handler_fold. ldb_handler_fold is used by case insensitive strings - that is most string attributes - in Active Directory. As the search expression is...
Samba Releases Security Update for CVE-2020-1472
The Samba Team has released a security update to address a critical vulnerability—CVE-2020-1472—in multiple versions of Samba. This vulnerability could allow a remote attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
Use after free during DNS zone scavenging
Description Samba 4.9 introduced an off-by-default feature to tombstone dynamically created DNS records that had reached their expiry time. This feature is controlled by the smb.conf option: dns zone scavenging = yes. There is a use-after-free issue in this code, essentially due to a call to reall...
samba -- Unauthenticated domain takeover via netlogon
The Samba Team reports: An unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw...
NULL pointer de-reference in Samba AD DC LDAP server
Description During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer,...
Samba 4.x Password Change Vulnerability
On a Samba 4 AD DC any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts. Subject: Authenticated users can change other users' password...
RedHat Update for samba RHSA-2017:3260-01
The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Use-after-free vulnerability.
Description All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server. Patch Availability...
Server memory information leak over SMB1
Description All versions of Samba are vulnerable to a server memory information leak bug over SMB1 if a client can write data to a share. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be...
Samba Vulnerability CVE-2017-7494
On Wednesday, the Samba Team patched a vulnerability that exists in all versions of Samba including and after version 3.5.0. Exploitation of this vulnerability could result in remote code execution on the affected host. Samba is used to provide SMB and CIFS services for Linux systems, and is...
samba -- client side SMB2/3 required signing can be downgraded
Samba team reports: A man in the middle attack can disable client signing over SMB2/3, even if enforced by configuration parameters...
Pass to kill the Windows of Badlock? How to repair it? - Vulnerability warning - the black bar safety net
Badlock Bug description: On April 12, 2016, a very critical security vulnerability in Windows and Samba was revealed. Samba 4.4.2, 4.3.8 and 4.2.11 security updates are available. Please update your system. We are quite sure that hackers will soon use this vulnerability to attac...
DSA-3514-1 samba - security update
Bulletin has no description...
Incorrect ACL get/set allowed on symlink path.
Description All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to a malicious client overwriting the ownership of ACLs using symlinks. An authenticated malicious client can use SMB1 UNIX extensions to create a symlink to a file or directory, and then use non-UNIX SMB1 calls to...
Remote DoS in Samba (AD) LDAP server.
Description All versions of Samba from 4.0.0 to 4.1.21 inclusive are vulnerable to an anonymous memory exhaustion attack in the samba daemon LDAP server. A malicious client can send packets that cause the LDAP server provided by the AD DC in the samba daemon process to consume unlimited memory an...