Samba: Most viewed

174 matches found

Samba
• added 2019/12/10 12:00 a.m. • 41 views

DelegationNotAllowed not being enforced

Description The S4U MS-SFU Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is...

CVSS 6.4 | AI score 6.1 | EPSS 0.02783
Exploits: 0

Samba
• added 2019/10/29 12:00 a.m. • 40 views

Client code can return filenames containing

Description Samba client code libsmbclient returns server-supplied filenames to calling code without checking for pathname separators such as "/" or "../" in the server returned names. A malicious server can craft a pathname containing separators and return this to client code, causing the client...

CVSS 6.5 | AI score 6.5 | EPSS 0.03515
Exploits: 0

Samba
• added 2004/09/13 12:00 a.m. • 40 views

Samba 3.0.x Denial of Service Flaw

(ii) A DoS bug in nmbd may allow an attacker to remotely crash the nmbd daemon. Patch Availability: The patch file for Samba 3.0.5 addressing both bugs (samba-3.0.5-DoS.patch) can be downloaded from http://www.samba.org/samba/ftp/patches/security/ The patch has been signed with the "Samba Distribution...

CVSS 5 | AI score 6.1 | EPSS 0.2344
Exploits: 0

Samba
• added 2023/10/10 12:00 a.m. • 39 views

"rpcecho" development server allows Denial

Description Samba developers have built a non-Windows RPC server known as "rpcecho" to test elements of the Samba DCE/RPC stack under their full control. One RPC function provided by "rpcecho" can block, essentially indefinitely, and because the "rpcecho" service is provided from the main RPC tas...

CVSS 6.5 | AI score 7 | EPSS 0.01723
Exploits: 0

Samba
• added 2023/03/29 12:00 a.m. • 38 views

Access controlled AD LDAP attributes can be discovered

Summary: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assu...

CVSS 7.7 | AI score 6.4 | EPSS 0.02195
Exploits: 0

Samba
• added 2022/11/15 12:00 a.m. • 38 views

Samba buffer overflow vulnerabilities on 32-bit

Description The Kerberos libraries used by Samba provide a mechanism for authenticating a user or service by means of tickets that can contain Privilege Attribute Certificates (PACs). Both the Heimdal and MIT Kerberos libraries, and so the embedded Heimdal shipped by Samba suffer from an integer...

CVSS 8.8 | AI score 1 | EPSS 0.06419
Exploits: 1

Samba
• added 2021/11/09 12:00 a.m. • 38 views

Samba AD DC did not correctly sandbox

Description Samba as an Active Directory Domain Controller is able to support an RODC, which is meant to have minimal privileges in a domain. However, in accepting a ticket from a Samba or Windows RODC, Samba was not confirming that the RODC is authorized to print such a ticket, via the...

CVSS 8.8 | AI score 8.8 | EPSS 0.01595
Exploits: 0

Samba
• added 2007/02/05 12:00 a.m. • 38 views

Potential Denial of Service bug in smbd

Description Internally Samba's file server daemon, smbd, implements support for deferred file open calls in an attempt to serve client requests that would otherwise fail due to a share mode violation. When renaming a file under certain circumstances it is possible that the request is never remove...

CVSS 6.8 | AI score 7.2 | EPSS 0.0459
Exploits: 1

Samba
• added 2006/03/30 12:00 a.m. • 38 views

Exposed clear text of domain machine

Description The machine trust account password is the secret shared between a domain controller and a specific member server. Access to the member server machine credentials allows an attacker to impersonate the server in the domain and gain access to additional information regarding domain users...

CVSS 1.2 | AI score 6.2 | EPSS 0.00463
Exploits: 0

Samba
• added 2021/11/09 12:00 a.m. • 36 views

Samba AD DC did not always rely on the SID

Description Samba as an Active Directory Domain Controller is based on Kerberos, which provides name-based authentication. These names are often then used for authorization. However, Microsoft Windows and Active Directory are SID-based. SIDs in Windows, similar to UIDs in Linux/Unix if managed well...

CVSS 9 | AI score 0.2 | EPSS 0.01673
Exploits: 0

Samba
• added 2019/12/10 12:00 a.m. • 36 views

Samba AD DC zone-named record Denial of

Description The poorly named dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used fo...

CVSS 5.3 | AI score 0.2 | EPSS 0.023
Exploits: 0

Samba
• added 2022/10/25 12:00 a.m. • 35 views

Wide links protection broken

Description Samba 4.17 introduced following symlinks in user space with the intent to properly check symlink targets to stay within the share that was configured by the administrator. The check does not properly cover a corner case, so that a user can create a symbolic link that will make smbd...

CVSS 6.5 | AI score 0.3 | EPSS 0.02431
Exploits: 0

Samba
• added 2018/11/27 12:00 a.m. • 35 views

Samba AD DC S4U2Self Crash in experimental

Description A user in a Samba AD domain can crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory we clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this...

CVSS 7.5 | AI score 0.2 | EPSS 0.03081
Exploits: 0

Samba
• added 2017/07/12 12:00 a.m. • 35 views

Orpheus' Lyre mutual authentication validation bypass

Description All versions of Samba from 4.0.0 include an embedded copy of Heimdal Kerberos. Heimdal has made a security release, which disclosed: Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation. This is a critical vulnerability. In _krb5_extract_ticket() the KDC-REP service name must b...

CVSS 8.1 | AI score 0.5 | EPSS 0.05118
Exploits: 0

Samba
• added 2023/03/29 12:00 a.m. • 34 views

Samba AD DC "dnsHostname" attribute can be

Description In implementing the Validated dnsHostName permission check in Samba's Active Directory DC, and therefore applying correctly constraints on the values of a dnsHostName value for a computer in a Samba domain (CVE-2022-32743), the case where the dnsHostName is deleted, rather than modified...

CVSS 7.5 | AI score 6.3 | EPSS 0.01147
Exploits: 1

Samba
• added 2019/10/29 12:00 a.m. • 24 views

User with "get changes" permission can

Description Since Samba 4.0.0 Samba has implemented, in the AD DC, the "dirsync" LDAP control specified in MS-ADTS "3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID". However, when combined with the ranged results feature specified in MS-ADTS "3.1.1.3.1.3.3 Range Retrieval of Attribute Values" a NULL pointer i...

CVSS 4.9 | AI score 0.8 | EPSS 0.02355
Exploits: 1

Samba
• added 2026/05/26 12:00 a.m. • 16 views

auto-enrolment GPO installing CA certificate over http

Description If the certificate auto-enrollment GPO is enabled on domain members both in Samba's smb.conf and using Windows GPME tool, a CA certificate may be fetched using a plain HTTP connection and installed in the member computer's trust store. This may give an attacker a chance to intercept t...

CVSS 8 | AI score 5.9 | EPSS 0.00261
Exploits: 0

Samba
• added 2026/05/26 12:00 a.m. • 12 views

WORM vfs module does not block overwrites

Description The vfs_worm module is intended to make files immutable over SMB a short time after they are created. The time window in which they are writable is configurable, defaulting to one hour. The hook that handles renames was checking that the file being renamed was still mutable, but it was...

CVSS 6.5 | AI score 5.8 | EPSS 0.00904
Exploits: 0

Samba
• added 2026/05/26 12:00 a.m. • 11 views

Denial of service against AD DC WINS server

Description The Windows Internet Naming Service [1] is an unauthenticated service for registering and looking up names in a NetBIOS network running on TCP and UDP [2]. The protocol handlers for the RELEASE and MULTIHOMEREG packets in the WINS server running when Samba is configured as an Active...

CVSS 7.5 | AI score 5.8 | EPSS 0.02669
Exploits: 0

Samba
• added 2026/05/26 12:00 a.m. • 10 views

Unauthenticated Remote Code Execution

Description Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. This leads to a remote code execution vulnerability. Print servers configured with "printing...

CVSS 9.8 | AI score 6.4 | EPSS 0.12797
Exploits: 7

Samba
• added 2026/05/26 12:00 a.m. • 10 views

Unauthenticated Remote Code Execution

Description Samba file servers and classic non-AD domain controllers offer the SamValidatePasswordChange and SamValidatePasswordReset RPC services on the SAMR DCE/RPC service when running over NCACN_IP_TCP. Both services pass a username and password to the "check password script" that can be...

CVSS 9.8 | AI score 6 | EPSS 0.02501
Exploits: 0

Samba
• added 2026/05/26 12:00 a.m. • 7 views

Missing access checks on reparse point

Description Starting with Samba 4.21, users can create and delete NTFS-style reparse points (https://en.wikipedia.org/wiki/NTFS_reparse_point) via the SMB protocol. The Reparse Point Metadata is stored in an extended attribute named "user.SmbReparse" together with the FILE_ATTRIBUTE_REPARSE_POINT bit in...

AI score 5.8
Exploits: 0

Samba
• added 2025/10/15 12:00 a.m. • 7 views

Command injection via WINS server hook script

Description If a Samba server has WINS support enabled (it is off by default), and it has a 'wins hook' parameter specified, the program specified by that parameter will be run whenever a WINS name is changed. The WINS server used by the Samba Active Directory Domain Controller did not validate the...

CVSS 10 | AI score 7 | EPSS 0.39677
Exploits: 2

Samba
• added 2025/10/15 12:00 a.m. • 7 views

uninitialized memory disclosure via vfs_streams_xattr

Description An authenticated user can read an unlimited number of samples of discarded heap memory, due to a failure to initialise memory in streams_xattr_pwrite in the vfs_streams_xattr file server module. This is achieved by issuing write requests that create holes in the file. Samba erases known...

CVSS 4.3 | AI score 7 | EPSS 0.00421
Exploits: 0
Total number of security vulnerabilities: 174