25 matches found

OpenVAS
added 2021/06/09 12:0 a.m. | 20 views

SUSE: Security Advisory (SUSE-SU-2021:1439-1)

The remote host is missing an update for the...

CVSS 6.8 | AI score 6.8 | EPSS 0.01764
Exploits: 0 | References: 5

Tenable Nessus
added 2021/05/18 12:0 a.m. | 31 views

openSUSE Security Update : samba (openSUSE-2021-636)

This update for samba fixes the following issues : - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Avoid...

CVSS 7.5 | AI score 6.7 | EPSS 0.14523
Exploits: 0 | References: 9

Tenable Nessus
added 2021/04/30 12:0 a.m. | 28 views

SUSE SLES12 Security Update : samba (SUSE-SU-2021:1439-1)

This update for samba fixes the following issues : CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids (bsc#1184677). Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). Note that Tenable Network Security has extracted the preceding description block directly fro...

CVSS 6.8 | AI score 7.1 | EPSS 0.01764
Exploits: 0 | References: 5

Tenable Nessus
added 2021/04/30 12:0 a.m. | 39 views

SUSE SLES15 Security Update : samba (SUSE-SU-2021:1445-1)

This update for samba fixes the following issues : CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids (bsc#1184677). Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156). Adjust smbcacls '--propagate-inheritance' feature to align with upstream...

CVSS 6.8 | AI score 7.1 | EPSS 0.01764
Exploits: 0 | References: 6

Tenable Nessus
added 2021/04/30 12:0 a.m. | 36 views

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2021:1444-1)

This update for samba fixes the following issues : CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids (bsc#1184677). CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). Avoid free'ing o...

CVSS 7.5 | AI score 6.7 | EPSS 0.14523
Exploits: 0 | References: 13

RedhatCVE
added 2019/10/07 3:8 p.m. | 28 views

CVE-2017-12150

It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. Mitigation: The missing implied signing for smb2mount -e, smbcacls -e and smbcquotas -e can be...

CVSS 7.4 | AI score 2.5 | EPSS 0.221
Exploits: 0 | References: 2

OPENSUSE Linux
added 2016/04/17 3:11 p.m. | 59 views

Security update for samba (important)

samba was updated to version 4.2.4 to fix 14 security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111...

CVSS 10 | AI score 8.1 | EPSS 0.90696
Exploits: 9 | References: 33

Tenable Nessus
added 2016/04/15 12:0 a.m. | 56 views

SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)

Samba was updated to the 4.2.x codestream, bringing some new features and security fixes (bsc#973832, FATE#320709). These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgrad...

CVSS 7.5 | AI score 6.7 | EPSS 0.78522
Exploits: 1 | References: 35

Tenable Nessus
added 2016/03/25 12:0 a.m. | 18 views

openSUSE Security Update : samba (openSUSE-2016-399)

This update for the samba server fixes the following issues : Security issue fixed : - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; bso#11648...

CVSS 6.5 | AI score 6.6 | EPSS 0.03995
Exploits: 0 | References: 8

OPENSUSE Linux
added 2016/03/24 3:9 p.m. | 45 views

Security update for samba (important)

This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; bso#11648; bsc#968222. Other bugs fixed: - Enable clustering CTDB support; bsc#966271. - s3: smbd: Fix timestamp...

CVSS 4 | AI score 6.6 | EPSS 0.03995
Exploits: 0 | References: 7

Tenable Nessus
added 2016/03/21 12:0 a.m. | 31 views

SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:0816-1)

This update for the samba server fixes the following issues : Security issue fixed : - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; bso#11648...

CVSS 6.5 | AI score 6.6 | EPSS 0.03995
Exploits: 0 | References: 10

Tenable Nessus
added 2014/06/13 12:0 a.m. | 28 views

openSUSE Security Update : samba (openSUSE-SU-2014:0405-1)

Samba was updated to fix security issues and bugs : Security issues fixed : - Password lockout was not enforced for SAMR password changes, this allowed brute-force attacks on passwords. CVE-2013-4496; bnc#849224. - The DCE-RPC fragment length field is incorrectly checked, which could expose samba...

CVSS 8.3 | AI score 7.4 | EPSS 0.0555
Exploits: 1 | References: 16

Tenable Nessus
added 2014/06/13 12:0 a.m. | 46 views

openSUSE Security Update : samba (openSUSE-SU-2014:0404-1)

Samba was updated to 4.1.6, fixing bugs and security issues : - Password lockout not enforced for SAMR password changes, this allowed brute forcing of passwords; CVE-2013-4496; bnc#849224. - smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442; bnc#855866. Also the following bugs...

CVSS 5.8 | AI score 7.3 | EPSS 0.0555
Exploits: 1 | References: 26

Tenable Nessus
added 2014/06/03 12:0 a.m. | 85 views

Samba < 3.6.23 / 4.0.16 / 4.1.6 Multiple Vulnerabilities

CVSS 5.8 | AI score 8.3 | EPSS 0.0555
Exploits: 1 | References: 6

OpenVAS
added 2014/04/10 12:0 a.m. | 28 views

RedHat Update for samba4 RHSA-2014:0383-01

Check for the Version of samba4

CVSS 5.8 | AI score 7.8 | EPSS 0.0555
Exploits: 2 | References: 2

Tenable Nessus
added 2014/04/10 12:0 a.m. | 33 views

Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20140409)

It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw...

CVSS 5.8 | AI score 7.3 | EPSS 0.0555
Exploits: 2 | References: 4

RedHat Linux
added 2014/04/09 5:41 p.m. | 3 views

samba: smbcacls will delete ACL lists in certain circumstances

The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended...

CVSS 5.8 | AI score 7.3 | EPSS 0.01273
Exploits: 1 | References: 4

Tenable Nessus
added 2014/04/08 12:0 a.m. | 28 views

SuSE 11.3 Security Update : Samba (SAT Patch Number 9010)

The Samba fileserver suite was updated to fix bugs and security issues. The following security issue has been fixed : - No password lockout or rate limiting was enforced for SAMR password changes, making brute force guessing attacks possible. (CVE-2013-4496) Also the following feature has been...

CVSS 5 | AI score 7.3 | EPSS 0.0555
Exploits: 0 | References: 9

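seebug.org
added 2014/03/17 12:0 a.m. | 112 views

Samba 'smbcacls' Command Security Bypass Vulnerability

Bugtraq ID: 66232 CVE ID: CVE-2013-6442 Samba is a program that implements the SMB protocol and provides cross-platform file sharing and print sharing services. Samba's smbcacls tool contains an error when the "-C|--chown name" or "-G|--chgrp name" option is used, which allows an attacker to exploit the vulnerability to bypass security restrictions and access restricted resources. Samba 4.x. Samba 4.0.16 or 4.1.6 fixes this vulnerability; users are advised to download the update: http://www.samba.org/...

CVSS 5.8 | AI score 9.2 | EPSS 0.01273
Exploits: 1
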
UbuntuCve
added 2014/03/14 10:55 a.m. | 26 views

CVE-2013-6442

The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended...

CVSS 5.8 | AI score 7.2 | EPSS 0.01273
Exploits: 1 | References: 2