6 matches found
Authenticated users can change other users' password
Description On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts eg Domain...
The LDAP client and server don't enforce integrity protection
Description Samba uses various LDAP client libraries, a builtin one and/or the system ldap libraries typically openldap. As active directory domain controller Samba also provides an LDAP server. Samba takes care of doing SASL GSS-SPNEGO authentication with Kerberos or NTLMSSP for LDAP connections...
Insufficient symlink verification in smbd.
Description All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to a bug in symlink verification, which under certain circumstances could allow client access to files outside the exported share path. If a Samba share is configured with a path that shares a common path prefix with...
Unexpected code execution in smbd.
Description All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet...
Denial of service - CPU loop
Description All current released versions of Samba are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service. This flaw is not exploitable beyond causing the code to loo...
Denial of service - Server crash/memory corruption
Description All current released versions of Samba are vulnerable to a denial of service on the smbd file server daemon. Valid unicode path names stored on disk can cause smbd to crash if an authenticated client attempts to read them using a non-unicode request. The crash is caused by memory bein...