rpm package
opensuse/samba&distro=openSUSE Leap Micro 5.3
pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%20Micro%205.3
Vulnerabilities (18)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-34968 | — | < 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | Jul 20, 2023 | A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request | ||
| CVE-2023-34967 | — | < 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | Jul 20, 2023 | A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th | ||
| CVE-2023-34966 | — | < 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | Jul 20, 2023 | An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements | ||
| CVE-2022-2127 | — | < 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | Jul 20, 2023 | An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to | ||
| CVE-2023-0922 | — | < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | Apr 3, 2023 | The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. | ||
| CVE-2023-0614 | — | < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | Apr 3, 2023 | The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. | ||
| CVE-2023-0225 | — | < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | Apr 3, 2023 | A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | ||
| CVE-2021-20251 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Mar 6, 2023 | A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. | ||
| CVE-2022-3437 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Jan 12, 2023 | A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory w | ||
| CVE-2022-42898 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Dec 25, 2022 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cau | ||
| CVE-2022-38023 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Nov 9, 2022 | Netlogon RPC Elevation of Privilege Vulnerability | ||
| CVE-2022-37967 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Nov 9, 2022 | Windows Kerberos Elevation of Privilege Vulnerability | ||
| CVE-2022-37966 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Nov 9, 2022 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | ||
| CVE-2022-32746 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Aug 25, 2022 | A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAc | ||
| CVE-2022-32745 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Aug 25, 2022 | A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. | ||
| CVE-2022-32744 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Aug 25, 2022 | A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. | ||
| CVE-2022-32742 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Aug 25, 2022 | A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control | ||
| CVE-2022-2031 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Aug 25, 2022 | A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tic |
- CVE-2023-34968Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150400.3.28.1fixed 4.15.13+git.663.9c654e06cdb-150400.3.28.1
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request
- CVE-2023-34967Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150400.3.28.1fixed 4.15.13+git.663.9c654e06cdb-150400.3.28.1
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th
- CVE-2023-34966Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150400.3.28.1fixed 4.15.13+git.663.9c654e06cdb-150400.3.28.1
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements
- CVE-2022-2127Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150400.3.28.1fixed 4.15.13+git.663.9c654e06cdb-150400.3.28.1
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to
- CVE-2023-0922Apr 3, 2023affected < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1fixed 4.15.13+git.636.53d93c5b9d6-150400.3.23.1
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
- CVE-2023-0614Apr 3, 2023affected < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1fixed 4.15.13+git.636.53d93c5b9d6-150400.3.23.1
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
- CVE-2023-0225Apr 3, 2023affected < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1fixed 4.15.13+git.636.53d93c5b9d6-150400.3.23.1
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
- CVE-2021-20251Mar 6, 2023affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.
- CVE-2022-3437Jan 12, 2023affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory w
- CVE-2022-42898Dec 25, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cau
- CVE-2022-38023Nov 9, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
Netlogon RPC Elevation of Privilege Vulnerability
- CVE-2022-37967Nov 9, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
Windows Kerberos Elevation of Privilege Vulnerability
- CVE-2022-37966Nov 9, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
- CVE-2022-32746Aug 25, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAc
- CVE-2022-32745Aug 25, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.
- CVE-2022-32744Aug 25, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
- CVE-2022-32742Aug 25, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control
- CVE-2022-2031Aug 25, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tic