VuXML ID | Description |
a63b15f9-97ff-11dc-9e48-0016179b2dd5 | samba -- multiple vulnerabilities
The Samba Team reports:
Secunia Research reported a vulnerability that allows for
the execution of arbitrary code in nmbd. This defect may
only be exploited when the "wins support" parameter has
been enabled in smb.conf.
Samba developers have discovered what is believed to be
a non-exploitable buffer overflow in nmbd during the processing
of GETDC logon server requests. This code is only used
when the Samba server is configured as a Primary or Backup
Domain Controller.
Discovery 2007-11-15 Entry 2007-11-21 Modified 2008-09-26
samba
samba3
ja-samba
< 3.0.26a
gt *,1 lt 3.0.26a_2,1
26454
CVE-2007-4572
CVE-2007-5398
http://secunia.com/advisories/27450/
http://us1.samba.org/samba/security/CVE-2007-4572.html
http://us1.samba.org/samba/security/CVE-2007-5398.html
|
3b3676be-52e1-11d9-a9e7-0001020eed82 | samba -- integer overflow vulnerability
Greg MacManus, iDEFENSE Labs reports:
Remote exploitation of an integer overflow vulnerability
in the smbd daemon included in Samba 2.0.x, Samba 2.2.x,
and Samba 3.0.x prior to and including 3.0.9 could allow
an attacker to cause controllable heap corruption, leading
to execution of arbitrary commands with root
privileges.
Successful remote exploitation allows an attacker to gain
root privileges on a vulnerable system. In order to
exploit this vulnerability an attacker must possess
credentials that allow access to a share on the Samba
server. Unsuccessful exploitation attempts will cause the
process serving the request to crash with signal 11, and
may leave evidence of an attack in logs.
Discovery 2004-12-02 Entry 2004-12-21 Modified 2008-09-26
samba
< 3.0.10
gt *,1 lt 3.0.10,1
ja-samba
< 2.2.12.j1.0beta1_2
gt 3.* lt 3.0.10
gt 3.*,1 lt 3.0.10,1
CVE-2004-1154
http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities
http://www.samba.org/samba/security/CAN-2004-1154.html
|
de16b056-132e-11d9-bc4a-000c41e2cdad | samba -- remote file disclosure
According to a Samba Team security notice:
A security vulnerability has been located in Samba
2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.5. A remote
attacker may be able to gain access to files which exist
outside of the share's defined path. Such files must still
be readable by the account used for the connection.
The original notice for CAN-2004-0815 indicated that
Samba 3.0.x <= 3.0.5 was vulnerable to the security
issue. After further research, Samba developers have
confirmed that only Samba 3.0.2a and earlier releases
contain the exploitable code.
Discovery 2004-09-30 Entry 2004-09-30 Modified 2008-09-26
samba
< 2.2.12
gt 3.* le 3.0.2a
gt 3.*,1 le 3.0.2a_1,1
ja-samba
< 2.2.11.j1.0_1
CVE-2004-0815
http://www.samba.org/samba/news/#security_2.2.12
|
ffcbd42d-a8c5-11dc-bec2-02e0185f8d72 | samba -- buffer overflow vulnerability
Secunia Research reports:
Secunia Research has discovered a vulnerability in Samba, which
can be exploited by malicious people to compromise a vulnerable
system. The vulnerability is caused due to a boundary error within
the "send_mailslot()" function. This can be exploited to cause a
stack-based buffer overflow with zero bytes via a specially crafted
"SAMLOGON" domain logon packet containing a username string placed
at an odd offset followed by an overly long GETDC string.
Successful exploitation allows execution of arbitrary code, but
requires that the "domain logons" option is enabled.
Discovery 2007-12-10 Entry 2007-12-12 Modified 2008-09-26
samba
samba3
ja-samba
< 3.0.28
gt *,1 lt 3.0.28,1
CVE-2007-6015
http://secunia.com/advisories/27760/
|
2bc96f18-683f-11dc-82b6-02e0185f8d72 | samba -- nss_info plugin privilege escalation vulnerability
The Samba development team reports:
The idmap_ad.so library provides an nss_info extension to
Winbind for retrieving a user's home directory path, login
shell and primary group id from an Active Directory domain
controller. This functionality is enabled by defining the
"winbind nss info" smb.conf option to either "sfu" or
"rfc2307".
Both the Windows "Identity Management for Unix" and
"Services for Unix" MMC plug-ins allow a user to be assigned
a primary group for Unix clients that differs from the user's
Windows primary group. When the rfc2307 or sfu nss_info plugin
has been enabled, in the absence of either the RFC2307 or SFU
primary group attribute, Winbind will assign a primary group ID
of 0 to the domain user queried using the getpwnam() C library
call.
Discovery 2007-09-11 Entry 2007-09-21 Modified 2008-09-26
samba
< 3.0.26a
gt *,1 lt 3.0.26a,1
CVE-2007-4138
http://www.samba.org/samba/security/CVE-2007-4138.html
|