10 High
AI Score
Confidence
High
8.3 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
80.4%
It was discovered that Winbind incorrectly handled invalid group names with
the require_membership_of parameter. If an administrator used an invalid
group name by mistake, access was granted instead of having the login fail.
(CVE-2012-6150)
Stefan Metzmacher and Michael Adam discovered that Samba incorrectly
handled DCE-RPC fragment length fields. A remote attacker could use this
issue to cause Samba to crash, resulting in a denial of service, or
possibly execute arbitrary code as the root user. (CVE-2013-4408)
Hemanth Thummala discovered that Samba incorrectly handled file
permissions when vfs_streams_depot or vfs_streams_xattr were enabled. A
remote attacker could use this issue to bypass intended restrictions.
(CVE-2013-4475)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.10 | noarch | samba | < 2:3.6.18-1ubuntu3.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | libnss-winbind | < 2:3.6.18-1ubuntu3.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | libpam-smbpass | < 2:3.6.18-1ubuntu3.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | libpam-winbind | < 2:3.6.18-1ubuntu3.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | libsmbclient | < 2:3.6.18-1ubuntu3.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | libsmbclient-dev | < 2:3.6.18-1ubuntu3.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | libwbclient-dev | < 2:3.6.18-1ubuntu3.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | libwbclient0 | < 2:3.6.18-1ubuntu3.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | samba-common-bin | < 2:3.6.18-1ubuntu3.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | samba-dbg | < 2:3.6.18-1ubuntu3.1 | UNKNOWN |