rpm package
opensuse/samba&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
Vulnerabilities (173)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-8143 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Jan 17, 2015 | Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leverag | ||
| CVE-2014-3560 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Aug 6, 2014 | NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappe | ||
| CVE-2014-3493 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Jun 23, 2014 | The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicod | ||
| CVE-2014-0244 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Jun 23, 2014 | The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. | ||
| CVE-2014-0239 | — | < 4.5.0-1.1 | 4.5.0-1.1 | May 28, 2014 | The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that | ||
| CVE-2014-0178 | — | < 4.5.0-1.1 | 4.5.0-1.1 | May 28, 2014 | Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive informatio | ||
| CVE-2013-6442 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Mar 14, 2014 | The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unin | ||
| CVE-2013-4496 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Mar 14, 2014 | Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. | ||
| CVE-2013-4408 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Dec 10, 2013 | Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in | ||
| CVE-2012-6150 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Dec 3, 2013 | The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportun | ||
| CVE-2013-4476 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Nov 13, 2013 | Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an A | ||
| CVE-2013-4475 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Nov 13, 2013 | Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data | ||
| CVE-2013-4124 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Aug 6, 2013 | Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. | ||
| CVE-2013-0454 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Mar 26, 2013 | The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-on | ||
| CVE-2013-1863 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Mar 19, 2013 | Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations. | ||
| CVE-2013-0214 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Feb 2, 2013 | Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and comp | ||
| CVE-2013-0213 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Feb 2, 2013 | The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. | ||
| CVE-2013-0172 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Jan 17, 2013 | Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects | ||
| CVE-2012-2111 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Apr 30, 2012 | The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote au | ||
| CVE-2012-1182 | — | < 4.5.0-1.1 | 4.5.0-1.1 | Apr 10, 2012 | The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted |
- CVE-2014-8143Jan 17, 2015affected < 4.5.0-1.1fixed 4.5.0-1.1
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leverag
- CVE-2014-3560Aug 6, 2014affected < 4.5.0-1.1fixed 4.5.0-1.1
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappe
- CVE-2014-3493Jun 23, 2014affected < 4.5.0-1.1fixed 4.5.0-1.1
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicod
- CVE-2014-0244Jun 23, 2014affected < 4.5.0-1.1fixed 4.5.0-1.1
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
- CVE-2014-0239May 28, 2014affected < 4.5.0-1.1fixed 4.5.0-1.1
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that
- CVE-2014-0178May 28, 2014affected < 4.5.0-1.1fixed 4.5.0-1.1
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive informatio
- CVE-2013-6442Mar 14, 2014affected < 4.5.0-1.1fixed 4.5.0-1.1
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unin
- CVE-2013-4496Mar 14, 2014affected < 4.5.0-1.1fixed 4.5.0-1.1
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.
- CVE-2013-4408Dec 10, 2013affected < 4.5.0-1.1fixed 4.5.0-1.1
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in
- CVE-2012-6150Dec 3, 2013affected < 4.5.0-1.1fixed 4.5.0-1.1
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportun
- CVE-2013-4476Nov 13, 2013affected < 4.5.0-1.1fixed 4.5.0-1.1
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an A
- CVE-2013-4475Nov 13, 2013affected < 4.5.0-1.1fixed 4.5.0-1.1
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data
- CVE-2013-4124Aug 6, 2013affected < 4.5.0-1.1fixed 4.5.0-1.1
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
- CVE-2013-0454Mar 26, 2013affected < 4.5.0-1.1fixed 4.5.0-1.1
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-on
- CVE-2013-1863Mar 19, 2013affected < 4.5.0-1.1fixed 4.5.0-1.1
Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations.
- CVE-2013-0214Feb 2, 2013affected < 4.5.0-1.1fixed 4.5.0-1.1
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and comp
- CVE-2013-0213Feb 2, 2013affected < 4.5.0-1.1fixed 4.5.0-1.1
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
- CVE-2013-0172Jan 17, 2013affected < 4.5.0-1.1fixed 4.5.0-1.1
Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects
- CVE-2012-2111Apr 30, 2012affected < 4.5.0-1.1fixed 4.5.0-1.1
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote au
- CVE-2012-1182Apr 10, 2012affected < 4.5.0-1.1fixed 4.5.0-1.1
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted
Page 7 of 9