Samba
Source repositories
CVEs (206)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-4314 | 0.00 | — | 0.04 | Dec 1, 2008 | smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. | |||
| CVE-2008-3789 | 0.00 | — | 0.01 | Aug 27, 2008 | Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups. | |||
| CVE-2007-4572 | 0.00 | — | 0.06 | Nov 16, 2007 | Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. | |||
| CVE-2007-4138 | 0.00 | — | 0.01 | Sep 14, 2007 | The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group… | |||
| CVE-2007-2407 | 0.00 | — | 0.03 | Aug 3, 2007 | The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. | |||
| CVE-2007-2444 | 0.00 | — | 0.01 | May 14, 2007 | Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. | |||
| CVE-2007-2447 | 0.00 | — | 0.50 | May 14, 2007 | The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote… | |||
| CVE-2007-0453 | 0.00 | — | 0.01 | Feb 6, 2007 | Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions. | |||
| CVE-2007-0452 | 0.00 | — | 0.05 | Feb 6, 2007 | smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. | |||
| CVE-2006-3403 | 0.00 | — | 0.06 | Jul 12, 2006 | The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. | |||
| CVE-2006-1059 | 0.00 | — | 0.00 | Mar 30, 2006 | The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain. | |||
| CVE-2004-0930 | 0.00 | — | 0.05 | Jan 27, 2005 | The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. | |||
| CVE-2004-0829 | 0.00 | — | 0.04 | Dec 31, 2004 | smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2. | |||
| CVE-2004-2546 | 0.00 | — | 0.03 | Dec 31, 2004 | Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). | |||
| CVE-2004-0808 | 0.00 | — | 0.05 | Dec 31, 2004 | The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. | |||
| CVE-2004-0815 | 0.00 | — | 0.05 | Nov 3, 2004 | The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style… | |||
| CVE-2004-0807 | 0.00 | — | 0.06 | Sep 13, 2004 | Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. | |||
| CVE-2004-0686 | 0.00 | — | 0.04 | Jul 27, 2004 | Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. | |||
| CVE-2004-0082 | 0.00 | — | 0.04 | Mar 3, 2004 | The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. | |||
| CVE-2003-1332 | 0.00 | — | 0.05 | Dec 31, 2003 | Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201. |
- CVE-2008-4314Dec 1, 2008risk 0.00cvss —epss 0.04
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.
- CVE-2008-3789Aug 27, 2008risk 0.00cvss —epss 0.01
Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.
- CVE-2007-4572Nov 16, 2007risk 0.00cvss —epss 0.06
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.
- CVE-2007-4138Sep 14, 2007risk 0.00cvss —epss 0.01
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group…
- CVE-2007-2407Aug 3, 2007risk 0.00cvss —epss 0.03
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota.
- CVE-2007-2444May 14, 2007risk 0.00cvss —epss 0.01
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
- CVE-2007-2447May 14, 2007risk 0.00cvss —epss 0.50
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote…
- CVE-2007-0453Feb 6, 2007risk 0.00cvss —epss 0.01
Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.
- CVE-2007-0452Feb 6, 2007risk 0.00cvss —epss 0.05
smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.
- CVE-2006-3403Jul 12, 2006risk 0.00cvss —epss 0.06
The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
- CVE-2006-1059Mar 30, 2006risk 0.00cvss —epss 0.00
The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.
- CVE-2004-0930Jan 27, 2005risk 0.00cvss —epss 0.05
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
- CVE-2004-0829Dec 31, 2004risk 0.00cvss —epss 0.04
smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.
- CVE-2004-2546Dec 31, 2004risk 0.00cvss —epss 0.03
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
- CVE-2004-0808Dec 31, 2004risk 0.00cvss —epss 0.05
The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.
- CVE-2004-0815Nov 3, 2004risk 0.00cvss —epss 0.05
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style…
- CVE-2004-0807Sep 13, 2004risk 0.00cvss —epss 0.06
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
- CVE-2004-0686Jul 27, 2004risk 0.00cvss —epss 0.04
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
- CVE-2004-0082Mar 3, 2004risk 0.00cvss —epss 0.04
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
- CVE-2003-1332Dec 31, 2003risk 0.00cvss —epss 0.05
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.
Page 10 of 11