rpm package
almalinux/samba-winexe
pkg:rpm/almalinux/samba-winexe
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-42669 | — | < 4.18.6-101.el9_3.alma.1 | 4.18.6-101.el9_3.alma.1 | Nov 6, 2023 | A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with on | ||
| CVE-2023-3961 | — | < 4.18.6-101.el9_3.alma.1 | 4.18.6-101.el9_3.alma.1 | Nov 3, 2023 | A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, whic | ||
| CVE-2023-4091 | — | < 4.18.6-101.el9_3.alma.1 | 4.18.6-101.el9_3.alma.1 | Nov 3, 2023 | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client reque | ||
| CVE-2023-34968 | — | < 4.18.6-100.el9 | 4.18.6-100.el9 | Jul 20, 2023 | A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request | ||
| CVE-2023-34967 | — | < 4.18.6-100.el9 | 4.18.6-100.el9 | Jul 20, 2023 | A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th | ||
| CVE-2023-34966 | — | < 4.18.6-100.el9 | 4.18.6-100.el9 | Jul 20, 2023 | An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements | ||
| CVE-2023-3347 | — | < 4.17.5-103.el9_2.alma | 4.17.5-103.el9_2.alma | Jul 20, 2023 | A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to per | ||
| CVE-2022-2127 | — | < 4.18.6-100.el9 | 4.18.6-100.el9 | Jul 20, 2023 | An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to | ||
| CVE-2022-38023 | — | < 4.16.4-4.el8_7 | 4.16.4-4.el8_7 | Nov 9, 2022 | Netlogon RPC Elevation of Privilege Vulnerability | ||
| CVE-2022-1615 | — | < 4.17.5-102.el9 | 4.17.5-102.el9 | Sep 1, 2022 | In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. | ||
| CVE-2022-32742 | — | < 4.15.5-10.el8_6 | 4.15.5-10.el8_6 | Aug 25, 2022 | A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control | ||
| CVE-2021-20316 | — | < 4.15.5-5.el8 | 4.15.5-5.el8 | Aug 23, 2022 | A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. | ||
| CVE-2021-44141 | — | < 4.15.5-5.el8 | 4.15.5-5.el8 | Feb 21, 2022 | All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this |
- CVE-2023-42669Nov 6, 2023affected < 4.18.6-101.el9_3.alma.1fixed 4.18.6-101.el9_3.alma.1
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with on
- CVE-2023-3961Nov 3, 2023affected < 4.18.6-101.el9_3.alma.1fixed 4.18.6-101.el9_3.alma.1
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, whic
- CVE-2023-4091Nov 3, 2023affected < 4.18.6-101.el9_3.alma.1fixed 4.18.6-101.el9_3.alma.1
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client reque
- CVE-2023-34968Jul 20, 2023affected < 4.18.6-100.el9fixed 4.18.6-100.el9
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request
- CVE-2023-34967Jul 20, 2023affected < 4.18.6-100.el9fixed 4.18.6-100.el9
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th
- CVE-2023-34966Jul 20, 2023affected < 4.18.6-100.el9fixed 4.18.6-100.el9
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements
- CVE-2023-3347Jul 20, 2023affected < 4.17.5-103.el9_2.almafixed 4.17.5-103.el9_2.alma
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to per
- CVE-2022-2127Jul 20, 2023affected < 4.18.6-100.el9fixed 4.18.6-100.el9
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to
- CVE-2022-38023Nov 9, 2022affected < 4.16.4-4.el8_7fixed 4.16.4-4.el8_7
Netlogon RPC Elevation of Privilege Vulnerability
- CVE-2022-1615Sep 1, 2022affected < 4.17.5-102.el9fixed 4.17.5-102.el9
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
- CVE-2022-32742Aug 25, 2022affected < 4.15.5-10.el8_6fixed 4.15.5-10.el8_6
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control
- CVE-2021-20316Aug 23, 2022affected < 4.15.5-5.el8fixed 4.15.5-5.el8
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.
- CVE-2021-44141Feb 21, 2022affected < 4.15.5-5.el8fixed 4.15.5-5.el8
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this