rpm package
opensuse/samba&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
Vulnerabilities (166)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-1642 | — | | | < 4.5.0-1.1 | 4.5.0-1.1 | Jun 17, 2010 | The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX reque |
| CVE-2010-1635 | — | | | < 4.5.0-1.1 | 4.5.0-1.1 | Jun 17, 2010 | The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Se |
| CVE-2010-0926 | — | | | < 4.5.0-1.1 | 4.5.0-1.1 | Mar 10, 2010 | The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in sm |
| CVE-2010-0728 | — | | | < 4.5.0-1.1 | 4.5.0-1.1 | Mar 10, 2010 | smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. |
| CVE-2010-0787 | — | | | < 4.5.0-1.1 | 4.5.0-1.1 | Mar 2, 2010 | client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. |
| CVE-2010-0547 | — | | | < 4.5.0-1.1 | 4.5.0-1.1 | Feb 4, 2010 | client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. |
| CVE-2009-2948 | — | | | < 4.5.0-1.1 | 4.5.0-1.1 | Oct 7, 2009 | mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the |
| CVE-2009-2906 | — | | | < 4.5.0-1.1 | 4.5.0-1.1 | Oct 7, 2009 | smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. |
| CVE-2009-2813 | — | | | < 4.5.0-1.1 | 4.5.0-1.1 | Sep 14, 2009 | Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, whic |
| CVE-2009-1888 | — | | | < 4.5.0-1.1 | 4.5.0-1.1 | Jun 25, 2009 | The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to u |
| CVE-2009-1886 | — | | | < 4.5.0-1.1 | 4.5.0-1.1 | Jun 25, 2009 | Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. |
| CVE-2009-0022 | — | | | < 4.14.6+git.182.2205d5224e3-1.1 | 4.14.6+git.182.2205d5224e3-1.1 | Jan 5, 2009 | Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. |
| CVE-2008-4314 | — | | | < 4.14.6+git.182.2205d5224e3-1.1 | 4.14.6+git.182.2205d5224e3-1.1 | Dec 1, 2008 | smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. |
| CVE-2008-3789 | — | | | < 4.14.6+git.182.2205d5224e3-1.1 | 4.14.6+git.182.2205d5224e3-1.1 | Aug 27, 2008 | Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups. |
| CVE-2008-1105 | — | | | < 4.14.6+git.182.2205d5224e3-1.1 | 4.14.6+git.182.2205d5224e3-1.1 | May 29, 2008 | Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. |
| CVE-2007-6015 | — | | | < 4.14.6+git.182.2205d5224e3-1.1 | 4.14.6+git.182.2205d5224e3-1.1 | Dec 13, 2007 | Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset usernam |
| CVE-2007-5398 | — | | | < 4.14.6+git.182.2205d5224e3-1.1 | 4.14.6+git.182.2205d5224e3-1.1 | Nov 16, 2007 | Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Q |
| CVE-2007-4572 | — | | | < 4.14.6+git.182.2205d5224e3-1.1 | 4.14.6+git.182.2205d5224e3-1.1 | Nov 16, 2007 | Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. |
| CVE-2007-4138 | — | | | < 4.14.6+git.182.2205d5224e3-1.1 | 4.14.6+git.182.2205d5224e3-1.1 | Sep 14, 2007 | The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attri |
| CVE-2007-4559 | Cri | 9.8 | | < 4.18.5+git.313.c8e274c7852-1.1 | 4.18.5+git.313.c8e274c7852-1.1 | Aug 28, 2007 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. |