Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Samba vulnerabilities (USN-8306-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8306-1 advisory. Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacke...

PT-2026-43438

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the handling of certificate auto-enrollment Group Policy. When this feature is enabled, Samba may retrieve a CA certificate via an unencrypted HTTP connection and install it in...

Linux Distros Unpatched Vulnerability : CVE-2026-3238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial of service against AD DC WINS server CVE-2026-3238 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 ...

PT-2026-43439

Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacker could possibly use this issue to modify reparse point extended attributes on files that should have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS...

UBUNTU-CVE-2026-3238

Denial of service against AD DC WINS server...

CVE-2026-3238

Denial of service against AD DC WINS server...

MGASA-2026-0142 Updated samba packages fix security vulnerabilities

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. CVE-2018-14628 Command injection in wins server hook...

CVE-1999-0288

The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service process termination via invalid UDP frames to port 137 NETBIOS Name Service, as demonstrated via a flood of random packets...

CVE-2025-10230 Samba: command injection in wins server hook script

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2025:3676-1)

"The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3676-1 advisory. - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - CVE-2025-10230: Fixe...

SUSE SLES15 Security Update : samba (SUSE-SU-2025:03603-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03603-1 advisory. - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - CVE-2025-10230: Fixed command Injection i...

Security update for samba

This update for samba fixes the following issues: CVE-2025-9640: Fixed vfsstreamsxattr uninitialized memory write bsc1251279. CVE-2025-10230: Fixed command Injection in WINS Server Hook Script bsc1251280. Patch Instructions: To install this SUSE update use the SUSE recommended installation method...

Security update for samba

This update for samba fixes the following issues: CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280. Update to 4.21.8: netrLogonSamLogonEx returns NRSTATUSACCESSDENIED with...

SUSE-SU-2025:3676-1 Security update for samba

This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280. Update to 4.21.8: netrLogonSamLogonEx returns NRSTATUSACCESSDENIED with...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : samba (SUSE-SU-2025:03612-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03612-1 advisory. - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. -...

SUSE-SU-2025:03618-1 Security update for samba

This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280...

Security update for samba

This update for samba fixes the following issues: CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280. Patch Instructions: To install this SUSE update use the SUSE recommended installati...

SUSE-SU-2025:03604-1 Security update for samba

This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280...

Security update for samba

This update for samba fixes the following issues: CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280. Patch Instructions: To install this SUSE update use the SUSE recommended installati...

PT-2025-42432

Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.21.9, 4.21.5, and 4.23.2 Description A critical flaw exists in Samba, specifically in the handling of WINS hook requests. The vulnerability occurs because NetBIOS names received in WINS registration packets are passed...