ALPINE-CVE-2026-3238

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

CVE-2026-3238

CVE-2026-3238 affects Samba’s WINS server in AD DCs, where unauthenticated UDP packets can trigger a NULL pointer dereference and crash the WINS service. Public details confirm the issue is a denial of service vector; no exploit details are provided in the documents. Remediation publicly document...

CVE-2026-3238 Samba: denial of service against ad dc wins server

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

OESA-2026-2577 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: '-------- Forwarded Message --------', 'Date: Tue, 26 May 2026 14:29:50 +0200', 'Reply-To: Stefan Metzmacher metze samba org', 'Release Announcements\n---------------------\n\nThis is a security release ...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Samba vulnerabilities (USN-8306-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8306-1 advisory. Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacke...

PT-2026-43439

Name of the Vulnerable Software and Affected Versions ctdb versions prior to 4.23.8+git.477.f78166bceed-1.1 Description A denial of service issue exists against the AD DC WINS server. Recommendations Update to version 4.23.8+git.477.f78166bceed-1.1...

CVE-2026-3238

Denial of service against AD DC WINS server...

PT-2026-43438

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the handling of certificate auto-enrollment Group Policy. When this feature is enabled, Samba may retrieve a CA certificate via an unencrypted HTTP connection and install it in...

Linux Distros Unpatched Vulnerability : CVE-2026-3238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba's WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types di...

UBUNTU-CVE-2026-3238

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

MGASA-2026-0142 Updated samba packages fix security vulnerabilities

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. CVE-2018-14628 Command injection in wins server hook...

CVE-1999-0288

The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service process termination via invalid UDP frames to port 137 NETBIOS Name Service, as demonstrated via a flood of random packets...

CVE-2025-10230 Samba: command injection in wins server hook script

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2025:3676-1)

"The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3676-1 advisory. - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - CVE-2025-10230: Fixe...

SUSE SLES15 Security Update : samba (SUSE-SU-2025:03603-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03603-1 advisory. - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - CVE-2025-10230: Fixed command Injection i...

Security update for samba

This update for samba fixes the following issues: CVE-2025-9640: Fixed vfsstreamsxattr uninitialized memory write bsc1251279. CVE-2025-10230: Fixed command Injection in WINS Server Hook Script bsc1251280. Patch Instructions: To install this SUSE update use the SUSE recommended installation method...

Security update for samba

This update for samba fixes the following issues: CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280. Update to 4.21.8: netrLogonSamLogonEx returns NRSTATUSACCESSDENIED with...

SUSE-SU-2025:3676-1 Security update for samba

This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280. Update to 4.21.8: netrLogonSamLogonEx returns NRSTATUSACCESSDENIED with...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : samba (SUSE-SU-2025:03612-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03612-1 advisory. - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. -...

SUSE-SU-2025:03618-1 Security update for samba

This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280...