SUSE: Security Advisory (SUSE-SU-2021:1439-1)
The remote host is missing an update for the...
openSUSE Security Update : samba (openSUSE-2021-636)
This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Avoid...
SUSE SLES15 Security Update : samba (SUSE-SU-2021:1445-1)
This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids (bsc#1184677). - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream...
SUSE SLES12 Security Update : samba (SUSE-SU-2021:1439-1)
This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids (bsc#1184677). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).
SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2021:1444-1)
This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Avoid free'ing o...
CVE-2017-12150
It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. Mitigation: The missing implied signing for smb2mount -e, smbcacls -e and smbcquotas -e can be...
The vulnerability of Samba software allows a remote attacker to compromise the confidentiality and integrity of protected information.
A vulnerability exists in the owner_set function in smbcacls.c within smbcacls in Samba, due to the deletion of the access control list when the --chown or --chgrp parameter is used. Exploiting this vulnerability allows malicious actors to circumvent access restrictions by making unauthorized...
Security update for samba (important)
samba was updated to version 4.2.4 to fix 14 security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111...
SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)
Samba was updated to the 4.2.x codestream, bringing some new features and security fixes (bsc#973832, FATE#320709). These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgrad...
openSUSE Security Update : samba (openSUSE-2016-399)
This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; bso#11648...
Security update for samba (important)
This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; bso#11648; bsc#968222. Other bugs fixed: - Enable clustering CTDB support; bsc#966271. - s3: smbd: Fix timestamp...
SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:0816-1)
This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; bso#11648...
openSUSE Security Update : samba (openSUSE-SU-2014:0404-1)
Samba was updated to 4.1.6, fixing bugs and security issues: - Password lockout not enforced for SAMR password changes, this allowed brute forcing of passwords; CVE-2013-4496; bnc#849224. - smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442; bnc#855866. Also the following bugs...
openSUSE Security Update : samba (openSUSE-SU-2014:0405-1)
Samba was updated to fix security issues and bugs: Security issues fixed: - Password lockout was not enforced for SAMR password changes, this allowed brute-force attacks on passwords. CVE-2013-4496; bnc#849224. - The DCE-RPC fragment length field is incorrectly checked, which could expose samba...
Samba < 3.6.23 / 4.0.16 / 4.1.6 Multiple Vulnerabilities
RedHat Update for samba4 RHSA-2014:0383-01
Check for the Version of samba4
Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20140409)
It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. CVE-2013-4496 A flaw...
samba: smbcacls will delete ACL lists in certain circumstances
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended...
SuSE 11.3 Security Update : Samba (SAT Patch Number 9010)
The Samba fileserver suite was updated to fix bugs and security issues. The following security issue has been fixed: - No password lockout or ratelimiting was enforced for SAMR password changes, making brute force guessing attacks possible. CVE-2013-4496. Also the following feature has been...
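Samba 'smbcacls' Command Security Bypass Vulnerability
Bugtraq ID: 66232 CVE ID: CVE-2013-6442 Samba is a program that implements the SMB protocol and provides cross-platform file sharing and print sharing services. Samba's smbcacls tool contains an error when the "-C|--chown name" or "-G|--chgrp name" option is used, which allows an attacker to exploit the vulnerability to bypass security restrictions and access restricted resources. Samba 4.x. Samba 4.0.16 or 4.1.6 fixes this vulnerability; users are advised to download the update: http://www.samba.org/...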