Lucene search
K

6 matches found

Samba
Samba
added 2018/03/13 12:0 a.m.637 views

Authenticated users can change other users' password

Description On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts eg Domain...

8.8CVSS8.7AI score0.10308EPSS
Exploits1
Samba
Samba
added 2016/04/12 12:0 a.m.550 views

The LDAP client and server don't enforce integrity protection

Description Samba uses various LDAP client libraries, a builtin one and/or the system ldap libraries typically openldap. As active directory domain controller Samba also provides an LDAP server. Samba takes care of doing SASL GSS-SPNEGO authentication with Kerberos or NTLMSSP for LDAP connections...

5.9CVSS0.2AI score0.09345EPSS
Exploits0
Samba
Samba
added 2015/12/16 12:0 a.m.517 views

Insufficient symlink verification in smbd.

Description All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to a bug in symlink verification, which under certain circumstances could allow client access to files outside the exported share path. If a Samba share is configured with a path that shares a common path prefix with...

7.2CVSS6.7AI score0.13274EPSS
Exploits1
Samba
Samba
added 2015/02/23 12:0 a.m.571 views

Unexpected code execution in smbd.

Description All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet...

10CVSS8.5AI score0.87636EPSS
Exploits7
Samba
Samba
added 2014/06/23 12:0 a.m.539 views

Denial of service - CPU loop

Description All current released versions of Samba are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service. This flaw is not exploitable beyond causing the code to loo...

3.3CVSS7.5AI score0.20481EPSS
Exploits0
Samba
Samba
added 2014/06/23 12:0 a.m.519 views

Denial of service - Server crash/memory corruption

Description All current released versions of Samba are vulnerable to a denial of service on the smbd file server daemon. Valid unicode path names stored on disk can cause smbd to crash if an authenticated client attempts to read them using a non-unicode request. The crash is caused by memory bein...

2.7CVSS9.2AI score0.07269EPSS
Exploits0
Rows per page
Query Builder