VYPR

rpm package

suse/samba&distro=SUSE Linux Enterprise Desktop 11 SP4

pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4

Vulnerabilities (5)

  • CVE-2015-7560MedMar 13, 2016
    affected < 3.6.3-67.2fixed 3.6.3-67.2

    The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to w

  • CVE-2015-5330HigDec 29, 2015
    affected < 3.6.3-64.1fixed 3.6.3-64.1

    ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1

  • CVE-2015-5299MedDec 29, 2015
    affected < 3.6.3-64.1fixed 3.6.3-64.1

    The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by

  • CVE-2015-5296MedDec 29, 2015
    affected < 3.6.3-64.1fixed 3.6.3-64.1

    Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to

  • CVE-2015-5252HigDec 29, 2015
    affected < 3.6.3-64.1fixed 3.6.3-64.1

    vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.