rpm package
suse/samba&distro=SUSE Enterprise Storage 4
pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%204
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-3880 | — | < 4.2.4-28.32.1 | 4.2.4-28.32.1 | Apr 9, 2019 | A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba sh | ||
| CVE-2018-10858 | — | < 4.4.2-38.20.1 | 4.4.2-38.20.1 | Aug 22, 2018 | A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. | ||
| CVE-2018-1050 | — | < 4.2.4-28.29.1 | 4.2.4-28.29.1 | Mar 13, 2018 | All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler s |
- CVE-2019-3880Apr 9, 2019affected < 4.2.4-28.32.1fixed 4.2.4-28.32.1
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba sh
- CVE-2018-10858Aug 22, 2018affected < 4.4.2-38.20.1fixed 4.4.2-38.20.1
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
- CVE-2018-1050Mar 13, 2018affected < 4.2.4-28.29.1fixed 4.2.4-28.29.1
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler s