Vendor CVEs
Samba (software)
All CVEs
235 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-0547 | | | 0.00 | — | 0.00 | | Feb 4, 2010 | client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. |
| CVE-2009-2948 | | | 0.00 | — | 0.01 | | Oct 7, 2009 | mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the… |
| CVE-2009-2906 | | | 0.00 | — | 0.04 | | Oct 7, 2009 | smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. |
| CVE-2009-2813 | | | 0.00 | — | 0.03 | | Sep 14, 2009 | Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames,… |
| CVE-2009-1888 | | | 0.00 | — | 0.05 | | Jun 25, 2009 | The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to… |
| CVE-2009-0022 | | | 0.00 | — | 0.04 | | Jan 5, 2009 | Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. |
| CVE-2008-4314 | | | 0.00 | — | 0.04 | | Dec 1, 2008 | smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. |
| CVE-2008-3789 | | | 0.00 | — | 0.01 | | Aug 27, 2008 | Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups. |
| CVE-2008-1720 | | | 0.00 | — | 0.05 | | Apr 10, 2008 | Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2007-4572 | | | 0.00 | — | 0.06 | | Nov 16, 2007 | Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. |
| CVE-2007-4138 | | | 0.00 | — | 0.01 | | Sep 14, 2007 | The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group… |
| CVE-2007-2407 | | | 0.00 | — | 0.03 | | Aug 3, 2007 | The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. |
| CVE-2007-2447 | | | 0.00 | — | 0.50 | | May 14, 2007 | The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote… |
| CVE-2007-2444 | | | 0.00 | — | 0.01 | | May 14, 2007 | Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. |
| CVE-2007-0452 | | | 0.00 | — | 0.05 | | Feb 6, 2007 | smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. |
| CVE-2007-0453 | | | 0.00 | — | 0.01 | | Feb 6, 2007 | Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions. |
| CVE-2006-3403 | | | 0.00 | — | 0.06 | | Jul 12, 2006 | The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. |
| CVE-2006-1059 | | | 0.00 | — | 0.00 | | Mar 30, 2006 | The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain. |
| CVE-2004-0930 | | | 0.00 | — | 0.05 | | Jan 27, 2005 | The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. |
| CVE-2004-0808 | | | 0.00 | — | 0.05 | | Dec 31, 2004 | The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. |
| CVE-2004-0829 | | | 0.00 | — | 0.04 | | Dec 31, 2004 | smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2. |
| CVE-2004-2546 | | | 0.00 | — | 0.03 | | Dec 31, 2004 | Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). |
| CVE-2004-0815 | | | 0.00 | — | 0.05 | | Nov 3, 2004 | The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style… |
| CVE-2004-0807 | | | 0.00 | — | 0.06 | | Sep 13, 2004 | Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. |
| CVE-2004-0686 | | | 0.00 | — | 0.04 | | Jul 27, 2004 | Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. |
| CVE-2004-0082 | | | 0.00 | — | 0.04 | | Mar 3, 2004 | The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. |
| CVE-2004-0028 | | | 0.00 | — | 0.02 | | Feb 3, 2004 | jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands. |
| CVE-2003-1332 | | | 0.00 | — | 0.05 | | Dec 31, 2003 | Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201. |
| CVE-2003-0086 | | | 0.00 | — | 0.01 | | Mar 31, 2003 | The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown. |
| CVE-2002-0080 | | | 0.00 | — | 0.01 | | Mar 15, 2002 | rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. |
| CVE-2000-0938 | | | 0.00 | — | 0.02 | | Dec 19, 2000 | Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. |
| CVE-2000-0939 | | | 0.00 | — | 0.02 | | Dec 19, 2000 | Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart. |
| CVE-1999-0812 | | | 0.00 | — | 0.01 | | Jul 12, 2000 | Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. |
| CVE-1999-0810 | | | 0.00 | — | 0.02 | | Jul 21, 1999 | Denial of service in Samba NETBIOS name service daemon (nmbd). |
| CVE-1999-1288 | | | 0.00 | — | 0.00 | | Nov 19, 1998 | Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program. |