Samba 操作系统命令注入漏洞

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a vulnerability related to operating system command injection, which stems from the incorrect escaping of shell metacharacters when the “check password” script uses the %u character...

SUSE CVE-2026-4408

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

Linux Distros Unpatched Vulnerability : CVE-2026-4408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the check password...

Linux Distros Unpatched Vulnerability : CVE-2026-3012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto- enrollment is enabled, Samba may retrieve a CA certificate...

Samba 数据伪造问题漏洞

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a vulnerability related to data falsification, which stems from the automatic certificate registration group policy processing. This process involves retrieving CA certificates via...

Samba 安全漏洞

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a security vulnerability, which stems from insufficient validation during the renaming process involving the vfsworm module. This vulnerability could allow authenticated users to...

CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

Exploit for CVE-2007-2447

🛡️ Metasploitable2 Vulnerability Assessment Author: Jaden Julius...

Linux Distros Unpatched Vulnerability : CVE-2026-4480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the print command...

CLSA-2026-1778859875 samba: Fix of CVE-2025-0620

Fix CVE-2025-0620: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session...

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017656)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017656 advisory. A flaw was found in samba. The Samba smbd file server must map Windows group identities SIDs into unix group ids gids. The code that performs this had a flaw that...

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017653)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017653 advisory. A flaw was found in samba. Spaces used in a string around a domain name DN, while supposed to be ignored, can cause invalid DN strings with spaces to instead write a...

Astra Linux - уязвимость в samba

A flaw was discovered in the way samba handled file and directory permissions. A authenticated user could exploit this flaw to gain access to certain file and directory information that would otherwise be unavailable to the attacker...

Astra Linux - уязвимость в samba, heimdal

A null pointer de-reference was detected in the way the Samba Kerberos server handled the absence of the sname in the TGS-REQ Ticket Granting Server – Request. A authenticated user could exploit this flaw to crash the Samba server...

Astra Linux - уязвимость в samba

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client that can exploit the race condition of SMB1 or NFS to create a directory in an area of the server file system that is not exported under the share definition. Note that SMB1 must be enabled, or the share must also be...

Astra Linux - уязвимость в samba

The Samba vfsfruit module utilizes extended file attributes EA, xattr to enhance compatibility with Apple SMB clients and interoperability with Netatalk 3 AFP file servers. Samba versions prior to 4.13.17, 4.14.12, and 4.15.5, when vfsfruit was configured, allowed out-of-bounds heap read and writ...

Astra Linux - уязвимость в samba

A flaw was discovered in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users’ passwords, allowing for full domain takeover...

Astra Linux - уязвимость в samba

A flaw was discovered in Samba. Users of Samba AD can cause the server to access uninitialized data through an LDAP add or modify request, typically resulting in a segmentation fault...

Astra Linux - уязвимость в samba

Windows Kerberos Elevation of Privilege Vulnerability...

Astra Linux - уязвимость в samba

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions, when the Samba VFS module “aclxattr” is configured with “aclxattr:ignore system acls = yes”. The SMB protocol allows opening files when the client requests read-only...