VYPR

Samba

by Samba (software)

Source repositories

CVEs (206)

  • CVE-2008-4314Dec 1, 2008
    risk 0.00cvss epss 0.04

    smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.

  • CVE-2008-3789Aug 27, 2008
    risk 0.00cvss epss 0.01

    Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.

  • CVE-2007-4572Nov 16, 2007
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.

  • CVE-2007-4138Sep 14, 2007
    risk 0.00cvss epss 0.01

    The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group…

  • CVE-2007-2407Aug 3, 2007
    risk 0.00cvss epss 0.03

    The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota.

  • CVE-2007-2444May 14, 2007
    risk 0.00cvss epss 0.01

    Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

  • CVE-2007-2447May 14, 2007
    risk 0.00cvss epss 0.50

    The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote…

  • CVE-2007-0453Feb 6, 2007
    risk 0.00cvss epss 0.01

    Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.

  • CVE-2007-0452Feb 6, 2007
    risk 0.00cvss epss 0.05

    smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.

  • CVE-2006-3403Jul 12, 2006
    risk 0.00cvss epss 0.06

    The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.

  • CVE-2006-1059Mar 30, 2006
    risk 0.00cvss epss 0.00

    The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.

  • CVE-2004-0930Jan 27, 2005
    risk 0.00cvss epss 0.05

    The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

  • CVE-2004-0829Dec 31, 2004
    risk 0.00cvss epss 0.04

    smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.

  • CVE-2004-2546Dec 31, 2004
    risk 0.00cvss epss 0.03

    Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).

  • CVE-2004-0808Dec 31, 2004
    risk 0.00cvss epss 0.05

    The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.

  • CVE-2004-0815Nov 3, 2004
    risk 0.00cvss epss 0.05

    The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style…

  • CVE-2004-0807Sep 13, 2004
    risk 0.00cvss epss 0.06

    Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.

  • CVE-2004-0686Jul 27, 2004
    risk 0.00cvss epss 0.04

    Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.

  • CVE-2004-0082Mar 3, 2004
    risk 0.00cvss epss 0.04

    The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.

  • CVE-2003-1332Dec 31, 2003
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.

Page 10 of 11