rpm package
opensuse/samba&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
Vulnerabilities (173)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3238 | Hig | 7.5 | < 4.23.8+git.477.f78166bceed-1.1 | 4.23.8+git.477.f78166bceed-1.1 | Jun 8, 2026 | A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer derefere | |
| CVE-2026-4408 | Cri | 9.0 | < 4.23.8+git.477.f78166bceed-1.1 | 4.23.8+git.477.f78166bceed-1.1 | May 28, 2026 | A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed | |
| CVE-2026-2340 | Med | 6.5 | < 4.23.8+git.477.f78166bceed-1.1 | 4.23.8+git.477.f78166bceed-1.1 | May 27, 2026 | A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write | |
| CVE-2026-1933 | Hig | 7.1 | < 4.23.8+git.477.f78166bceed-1.1 | 4.23.8+git.477.f78166bceed-1.1 | May 27, 2026 | A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations | |
| CVE-2026-3012 | Hig | 8.0 | < 4.23.8+git.477.f78166bceed-1.1 | 4.23.8+git.477.f78166bceed-1.1 | May 27, 2026 | A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker w | |
| CVE-2026-4480 | Cri | 9.0 | < 4.23.8+git.477.f78166bceed-1.1 | 4.23.8+git.477.f78166bceed-1.1 | May 26, 2026 | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this | |
| CVE-2026-40170 | Hig | 7.5 | < 4.23.8+git.477.f78166bceed-1.1 | 4.23.8+git.477.f78166bceed-1.1 | Apr 16, 2026 | ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send suffic | |
| CVE-2025-10230 | Cri | 10.0 | < 4.22.5+git.431.dc5a539f124-1.1 | 4.22.5+git.431.dc5a539f124-1.1 | Nov 7, 2025 | A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the | |
| CVE-2025-9640 | Med | 4.3 | < 4.22.5+git.431.dc5a539f124-1.1 | 4.22.5+git.431.dc5a539f124-1.1 | Oct 15, 2025 | A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vuln | |
| CVE-2025-0620 | Med | 4.9 | < 4.22.2+git.396.c752843dcf4-1.1 | 4.22.2+git.396.c752843dcf4-1.1 | Jun 6, 2025 | A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again. | |
| CVE-2023-4154 | Hig | 7.5 | < 4.19.1+git.312.c912b3d2ef6-1.1 | 4.19.1+git.312.c912b3d2ef6-1.1 | Nov 7, 2023 | A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, inc | |
| CVE-2023-42669 | Med | 6.5 | < 4.19.1+git.312.c912b3d2ef6-1.1 | 4.19.1+git.312.c912b3d2ef6-1.1 | Nov 6, 2023 | A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with on | |
| CVE-2023-3961 | Cri | 9.1 | < 4.19.1+git.312.c912b3d2ef6-1.1 | 4.19.1+git.312.c912b3d2ef6-1.1 | Nov 3, 2023 | A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, whic | |
| CVE-2023-4091 | Med | 6.5 | < 4.19.1+git.312.c912b3d2ef6-1.1 | 4.19.1+git.312.c912b3d2ef6-1.1 | Nov 3, 2023 | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client reque | |
| CVE-2023-42670 | Med | 6.5 | < 4.19.1+git.312.c912b3d2ef6-1.1 | 4.19.1+git.312.c912b3d2ef6-1.1 | Nov 3, 2023 | A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for | |
| CVE-2023-5568 | Med | 5.9 | < 4.19.2+git.322.7e9201cef5-1.1 | 4.19.2+git.322.7e9201cef5-1.1 | Oct 25, 2023 | A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service. | |
| CVE-2023-3347 | Med | 5.9 | < 4.18.5+git.313.c8e274c7852-1.1 | 4.18.5+git.313.c8e274c7852-1.1 | Jul 20, 2023 | A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to per | |
| CVE-2023-34968 | Med | 5.3 | < 4.18.5+git.313.c8e274c7852-1.1 | 4.18.5+git.313.c8e274c7852-1.1 | Jul 20, 2023 | A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request | |
| CVE-2023-34967 | Med | 5.3 | < 4.18.5+git.313.c8e274c7852-1.1 | 4.18.5+git.313.c8e274c7852-1.1 | Jul 20, 2023 | A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th | |
| CVE-2023-34966 | Hig | 7.5 | < 4.18.5+git.313.c8e274c7852-1.1 | 4.18.5+git.313.c8e274c7852-1.1 | Jul 20, 2023 | An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements |
- affected < 4.23.8+git.477.f78166bceed-1.1fixed 4.23.8+git.477.f78166bceed-1.1
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer derefere
- affected < 4.23.8+git.477.f78166bceed-1.1fixed 4.23.8+git.477.f78166bceed-1.1
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed
- affected < 4.23.8+git.477.f78166bceed-1.1fixed 4.23.8+git.477.f78166bceed-1.1
A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write
- affected < 4.23.8+git.477.f78166bceed-1.1fixed 4.23.8+git.477.f78166bceed-1.1
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations
- affected < 4.23.8+git.477.f78166bceed-1.1fixed 4.23.8+git.477.f78166bceed-1.1
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker w
- affected < 4.23.8+git.477.f78166bceed-1.1fixed 4.23.8+git.477.f78166bceed-1.1
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this
- affected < 4.23.8+git.477.f78166bceed-1.1fixed 4.23.8+git.477.f78166bceed-1.1
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send suffic
- affected < 4.22.5+git.431.dc5a539f124-1.1fixed 4.22.5+git.431.dc5a539f124-1.1
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the
- affected < 4.22.5+git.431.dc5a539f124-1.1fixed 4.22.5+git.431.dc5a539f124-1.1
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vuln
- affected < 4.22.2+git.396.c752843dcf4-1.1fixed 4.22.2+git.396.c752843dcf4-1.1
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
- affected < 4.19.1+git.312.c912b3d2ef6-1.1fixed 4.19.1+git.312.c912b3d2ef6-1.1
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, inc
- affected < 4.19.1+git.312.c912b3d2ef6-1.1fixed 4.19.1+git.312.c912b3d2ef6-1.1
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with on
- affected < 4.19.1+git.312.c912b3d2ef6-1.1fixed 4.19.1+git.312.c912b3d2ef6-1.1
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, whic
- affected < 4.19.1+git.312.c912b3d2ef6-1.1fixed 4.19.1+git.312.c912b3d2ef6-1.1
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client reque
- affected < 4.19.1+git.312.c912b3d2ef6-1.1fixed 4.19.1+git.312.c912b3d2ef6-1.1
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for
- affected < 4.19.2+git.322.7e9201cef5-1.1fixed 4.19.2+git.322.7e9201cef5-1.1
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
- affected < 4.18.5+git.313.c8e274c7852-1.1fixed 4.18.5+git.313.c8e274c7852-1.1
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to per
- affected < 4.18.5+git.313.c8e274c7852-1.1fixed 4.18.5+git.313.c8e274c7852-1.1
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request
- affected < 4.18.5+git.313.c8e274c7852-1.1fixed 4.18.5+git.313.c8e274c7852-1.1
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th
- affected < 4.18.5+git.313.c8e274c7852-1.1fixed 4.18.5+git.313.c8e274c7852-1.1
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements
Page 1 of 9