Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.36 bug fix and security update
Red Hat OpenShift Container Platform release 4.19.36 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.27 bug fix and security update
Red Hat OpenShift Container Platform release 4.20.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.22 bug fix and security update
Red Hat OpenShift Container Platform release 4.21.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...
RHEL 7 : samba (RHSA-2026:28132)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28132 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
Astra Linux – Vulnerability in Samba
An out-of-bounds read vulnerability was discovered in Samba due to insufficient length checks in the winbindd_pam_auth_crap.c file. When performing NTLM authentication, the client sends cryptographic challenges back to the server. These responses have varying lengths, and Winbind fails to check the...
Astra Linux – Vulnerability in Samba
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability...
Astra Linux – Vulnerability in Samba
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions, when the Samba VFS module “acl_xattr” is configured with “acl_xattr:ignore system acls = yes”. The SMB protocol allows opening files when the client requests read-only...
Astra Linux – Vulnerability in Samba
The Samba vfs_fruit module utilizes extended file attributes (EA, xattr) to enhance compatibility with Apple SMB clients and interoperability with Netatalk 3 AFP file servers. Samba versions prior to 4.13.17, 4.14.12, and 4.15.5, when vfs_fruit was configured, allowed out-of-bounds heap read and writ...
Astra Linux – Vulnerability in Samba
MaxQueryDuration is not honored in Samba AD DC LDAP...
Astra Linux – Vulnerability in Samba
Windows Kerberos Elevation of Privilege Vulnerability...
Astra Linux – Vulnerability in Samba
A flaw was discovered in the way Samba handled file and directory permissions. An authenticated user could exploit this flaw to gain access to certain file and directory information that would otherwise be unavailable to the attacker...
Astra Linux – Vulnerability in Samba
A flaw was discovered in Samba. The security vulnerability occurs when the KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other’s tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets for...
Astra Linux – Vulnerability in Samba
A flaw was discovered in Samba. Users of Samba AD can cause the server to access uninitialized data through an LDAP add or modify request, typically resulting in a segmentation fault...
Astra Linux – Vulnerability in Samba
A flaw was discovered in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users’ passwords, allowing for full domain takeover...
Astra Linux – Vulnerability in Samba
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client that can exploit the race condition of SMB1 or NFS to create a directory in an area of the server file system that is not exported under the share definition. Note that SMB1 must be enabled, or the share must also be...
Astra Linux – Vulnerability in Samba, Heimdal
A null pointer dereference was detected in the way the Samba Kerberos server handled the absence of the sname in the TGS-REQ (Ticket Granting Server – Request). An authenticated user could exploit this flaw to crash the Samba server...
Astra Linux – Vulnerability in Heimdal, Samba
A heap-based buffer overflow vulnerability was discovered in Samba, specifically within the GSSAPI unwrap_des and unwrap_des3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow for a length-limited write buffer overflow on memory allocated by malloc,...
Astra Linux – Vulnerability in Samba
A flaw was discovered in the way Samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request and chose to fragment it, an attacker could replace the later fragments with their own data, thereby bypassing the signature requirements...
Astra Linux – Vulnerability in Samba
The fixes in 4.6.16, 4.7.9, 4.8.4, and 4.9.7 for CVE-2018-10919, which address the issue of confidential attributes being disclosed via LDAP filters, were insufficient. An attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...
Astra Linux – Vulnerability in Samba
Samba does not validate the Validated-DNS-Host-Name property for the dNSHostName attribute, which may allow unprivileged users to modify it...