VuXML ID | Description |
2bc96f18-683f-11dc-82b6-02e0185f8d72 | samba -- nss_info plugin privilege escalation vulnerability
The Samba development team reports:
The idmap_ad.so library provides an nss_info extension to
Winbind for retrieving a user's home directory path, login
shell and primary group id from an Active Directory domain
controller. This functionality is enabled by defining the
"winbind nss info" smb.conf option to either "sfu" or
"rfc2307".
Both the Windows "Identity Management for Unix" and
"Services for Unix" MMC plug-ins allow a user to be assigned
a primary group for Unix clients that differs from the user's
Windows primary group. When the rfc2307 or sfu nss_info plugin
has been enabled, in the absence of either the RFC2307 or SFU
primary group attribute, Winbind will assign a primary group ID
of 0 to the domain user queried using the getpwnam() C library
call.
Discovery 2007-09-11 Entry 2007-09-21 Modified 2008-09-26
samba
< 3.0.26a
gt *,1 lt 3.0.26a,1
CVE-2007-4138
http://www.samba.org/samba/security/CVE-2007-4138.html
|
ffcbd42d-a8c5-11dc-bec2-02e0185f8d72 | samba -- buffer overflow vulnerability
Secunia Research reports:
Secunia Research has discovered a vulnerability in Samba, which
can be exploited by malicious people to compromise a vulnerable
system. The vulnerability is caused due to a boundary error within
the "send_mailslot()" function. This can be exploited to cause a
stack-based buffer overflow with zero bytes via a specially crafted
"SAMLOGON" domain logon packet containing a username string placed
at an odd offset followed by an overly long GETDC string.
Successful exploitation allows execution of arbitrary code, but
requires that the "domain logons" option is enabled.
Discovery 2007-12-10 Entry 2007-12-12 Modified 2008-09-26
samba
samba3
ja-samba
< 3.0.28
gt *,1 lt 3.0.28,1
CVE-2007-6015
http://secunia.com/advisories/27760/
|
a63b15f9-97ff-11dc-9e48-0016179b2dd5 | samba -- multiple vulnerabilities
The Samba Team reports:
Secunia Research reported a vulnerability that allows for
the execution of arbitrary code in nmbd. This defect may
only be exploited when the "wins support" parameter has
been enabled in smb.conf.
Samba developers have discovered what is believed to be
a non-exploitable buffer over in nmbd during the processing
of GETDC logon server requests. This code is only used
when the Samba server is configured as a Primary or Backup
Domain Controller.
Discovery 2007-11-15 Entry 2007-11-21 Modified 2008-09-26
samba
samba3
ja-samba
< 3.0.26a
gt *,1 lt 3.0.26a_2,1
26454
CVE-2007-4572
CVE-2007-5398
http://secunia.com/advisories/27450/
http://us1.samba.org/samba/security/CVE-2007-4572.html
http://us1.samba.org/samba/security/CVE-2007-5398.html
|
3b3676be-52e1-11d9-a9e7-0001020eed82 | samba -- integer overflow vulnerability
Greg MacManus, iDEFENSE Labs reports:
Remote exploitation of an integer overflow vulnerability
in the smbd daemon included in Samba 2.0.x, Samba 2.2.x,
and Samba 3.0.x prior to and including 3.0.9 could allow
an attacker to cause controllable heap corruption, leading
to execution of arbitrary commands with root
privileges.
Successful remote exploitation allows an attacker to gain
root privileges on a vulnerable system. In order to
exploit this vulnerability an attacker must possess
credentials that allow access to a share on the Samba
server. Unsuccessful exploitation attempts will cause the
process serving the request to crash with signal 11, and
may leave evidence of an attack in logs.
Discovery 2004-12-02 Entry 2004-12-21 Modified 2008-09-26
samba
< 3.0.10
gt *,1 lt 3.0.10,1
ja-samba
< 2.2.12.j1.0beta1_2
gt 3.* lt 3.0.10
gt 3.*,1 lt 3.0.10,1
CVE-2004-1154
http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities
http://www.samba.org/samba/security/CAN-2004-1154.html
|