92 matches found
SuSE 11.2 Security Update : Samba (SAT Patch Number 8170)
The Samba server suite received a security update to fix a denial of service problem in integer wrap protection. CVE-2013-4124. Additionally, the following stability fixes are included in this update : - Do not restart the smbfs service on pre-11.3 systems during dhcp lease renewal when the IP...
GE Proficy Historian KeyHelp ActiveX LaunchTriPane Vulnerability
Added: 10/29/2012 CVE: CVE-2012-2516 BID: 54215 OSVDB: 83311 Background GE Proficy Historian collects, organizes, archives and distributes tremendous volumes of real-time production information with a goal of enabling better and faster decisions and increased productivity. Problem GE Proficy...
GE Proficy Historian KeyHelp ActiveX LaunchTriPane Vulnerability
Added: 10/29/2012 CVE: CVE-2012-2516 BID: 54215 OSVDB: 83311 Background GE Proficy Historian collects, organizes, archives and distributes tremendous volumes of real-time production information with a goal of enabling better and faster decisions and increased productivity. Problem GE Proficy...
Wireshark Lua Untrusted Search Path vulnerability
Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...
Wireshark Lua Untrusted Search Path vulnerability
Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...
HP Data Protector Client EXEC_CMD Command Execution
Added: 06/07/2011 CVE: CVE-2011-0923 BID: 46234 OSVDB: 72526 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The HP Data Protector Client is vulnerable to remote code execution as a result of insufficient input validation of...
Zend Server Java Bridge Remote Code Execution
Added: 04/08/2011 BID: 47060 OSVDB: 71420 Background Zend Server is an enterprise web application server for hosting PHP applications. Problem The Zend Server Java Bridge allows PHP applications to execute methods in Java classes. The Java Bridge does not validate that requests to execute Java co...
Oracle Secure Backup Administration selector parameter command injection
Added: 11/19/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the...
Directory traversal
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create...
Samba 3.4.5 - Symlink Directory Traversal
Samba 3.4.5 - Symlink Directory Traversal source: https://www.securityfocus.com/bid/38111/info Samba is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploits would allow an attacker to access files outside of the Samba...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : samba vulnerabilities (USN-839-1)
J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated homes share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. CVE-2009-2813 Tim Prouty discovered that the smbd daemon in Samba...
USN-839-1: Samba vulnerabilities
J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated homes share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. CVE-2009-2813 Tim Prouty discovered that the smbd daemon in Samba...
openSUSE Security Update : cifs-mount (cifs-mount-1036)
Fixed a format string vulnerability in smbclient CVE-2009-1886 and a ACL bypass vulnerability in samba CVE-2009-1888. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update cifs-mount-1036. The text...
openSUSE Security Update : cifs-mount (cifs-mount-1036)
Fixed a format string vulnerability in smbclient CVE-2009-1886 and a ACL bypass vulnerability in samba CVE-2009-1888. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update cifs-mount-1036. The text...
Debian DSA-1823-1 : samba - several vulnerabilities
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1886 The smbclient utility contains a formatstring vulnerability where commands dealing with file names...
Samba Format String Vulnerability
Samba is prone to a format string vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba"; ifdescription...
[SECURITY] [DSA 1823-1] New samba packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1823-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 25, 2009 http://www.debian.org/security/faq -...
DEBIAN-CVE-2009-1886
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename...
CVE-2009-1886
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename...
Samba < 3.0.35 / 3.2.13 / 3.3.6 Multiple Vulnerabilities
According to its version number, the version of Samba running on the remote host has a security bypass vulnerability. Access restrictions can be bypassed due to a read of uninitialized data in smbd. This could allow a user to modify an access control list ACL, even when they should be denied...