rpm package
almalinux/samba-vfs-iouring
pkg:rpm/almalinux/samba-vfs-iouring
Vulnerabilities (17)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-42669 | — | | | < 4.18.6-101.el9_3.alma.1 | 4.18.6-101.el9_3.alma.1 | Nov 6, 2023 | A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with on |
| CVE-2023-3961 | — | | | < 4.18.6-101.el9_3.alma.1 | 4.18.6-101.el9_3.alma.1 | Nov 3, 2023 | A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, whic |
| CVE-2023-4091 | — | | | < 4.18.6-101.el9_3.alma.1 | 4.18.6-101.el9_3.alma.1 | Nov 3, 2023 | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client reque |
| CVE-2023-34968 | — | | | < 4.18.6-100.el9 | 4.18.6-100.el9 | Jul 20, 2023 | A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request |
| CVE-2023-34967 | — | | | < 4.18.6-100.el9 | 4.18.6-100.el9 | Jul 20, 2023 | A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th |
| CVE-2023-34966 | — | | | < 4.18.6-100.el9 | 4.18.6-100.el9 | Jul 20, 2023 | An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements |
| CVE-2023-3347 | — | | | < 4.17.5-103.el9_2.alma | 4.17.5-103.el9_2.alma | Jul 20, 2023 | A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to per |
| CVE-2022-2127 | — | | | < 4.18.6-100.el9 | 4.18.6-100.el9 | Jul 20, 2023 | An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to |
| CVE-2022-38023 | — | | | < 4.16.4-4.el8_7 | 4.16.4-4.el8_7 | Nov 9, 2022 | Netlogon RPC Elevation of Privilege Vulnerability |
| CVE-2022-1615 | — | | | < 4.17.5-102.el9 | 4.17.5-102.el9 | Sep 1, 2022 | In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. |
| CVE-2022-32742 | — | | | < 4.15.5-10.el8_6 | 4.15.5-10.el8_6 | Aug 25, 2022 | A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control |
| CVE-2021-20316 | — | | | < 4.15.5-5.el8 | 4.15.5-5.el8 | Aug 23, 2022 | A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. |
| CVE-2021-23192 | — | | | < 4.14.5-7.el8_5 | 4.14.5-7.el8_5 | Mar 2, 2022 | A flaw was found in the way Samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. |
| CVE-2021-44142 | — | | | < 4.14.5-9.el8_5 | 4.14.5-9.el8_5 | Feb 21, 2022 | The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bou |
| CVE-2021-44141 | — | | | < 4.15.5-5.el8 | 4.15.5-5.el8 | Feb 21, 2022 | All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this |
| CVE-2020-25717 | — | | | < 4.14.5-7.el8_5 | 4.14.5-7.el8_5 | Feb 18, 2022 | A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. |
| CVE-2016-2124 | — | | | < 4.14.5-7.el8_5 | 4.14.5-7.el8_5 | Feb 18, 2022 | A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. |