Samba
CVEs (206)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-1886 | | | 0.04 | — | 0.12 | | Jun 25, 2009 | Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. |
| CVE-2001-1162 | | | 0.04 | — | 0.12 | | Jun 23, 2001 | Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file. |
| CVE-2000-0937 | | | 0.04 | — | 0.08 | | Dec 19, 2000 | Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks. |
| CVE-1999-0182 | | | 0.04 | — | 0.10 | | Sep 30, 1997 | Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. |
| CVE-2021-44142 | | | 0.03 | — | 0.74 | | Feb 21, 2022 | The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow… |
| CVE-2004-0186 | | | 0.03 | — | 0.02 | | Mar 15, 2004 | smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted. |
| CVE-2001-0406 | | | 0.03 | — | 0.01 | | Jul 2, 2001 | Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. |
| CVE-2000-0936 | | | 0.03 | — | 0.01 | | Dec 19, 2000 | Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. |
| CVE-2000-0935 | | | 0.03 | — | 0.01 | | Dec 19, 2000 | Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. |
| CVE-1999-0811 | | | 0.03 | — | 0.03 | | Jul 21, 1999 | Buffer overflow in Samba smbd program via a malformed message command. |
| CVE-2023-34967 | | | 0.02 | — | 0.63 | | Jul 20, 2023 | A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in… |
| CVE-2020-10745 | | | 0.02 | — | 0.04 | | Jul 7, 2020 | A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest… |
| CVE-2020-14303 | | | 0.02 | — | 0.04 | | Jul 6, 2020 | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. |
| CVE-2014-0244 | | | 0.02 | — | 0.20 | | Jun 23, 2014 | The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. |
| CVE-2003-0196 | | | 0.02 | — | 0.23 | | May 5, 2003 | Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. |
| CVE-2023-5568 | | | 0.01 | — | 0.02 | | Oct 24, 2023 | A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service. |
| CVE-2023-34966 | | | 0.01 | — | 0.62 | | Jul 20, 2023 | An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements… |
| CVE-2020-27840 | | | 0.01 | — | 0.04 | | May 12, 2021 | A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to… |
| CVE-2020-10704 | | | 0.01 | — | 0.03 | | May 6, 2020 | A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from… |
| CVE-2019-14907 | | | 0.01 | — | 0.03 | | Jan 21, 2020 | All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during… |