FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-07-06 23:27:38 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e4bc323f-cc73-11e6-b704-000c292e4fd8samba -- multiple vulnerabilities

Samba team reports:

[CVE-2016-2123] Authenticated users can supply malicious dnsRecord attributes on DNS objects and trigger a controlled memory corruption.

[CVE-2016-2125] Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to fully impersonate the authenticated user or service.

[CVE-2016-2126] A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.


Discovery 2016-12-19
Entry 2016-12-26
Modified 2016-12-26
samba36
>= 3.6.0 le 3.6.25_4

samba4
>= 4.0.0 le 4.0.26

samba41
>= 4.1.0 le 4.1.23

samba42
>= 4.2.0 le 4.2.14

samba43
>= 4.3.0 lt 4.3.13

samba44
>= 4.4.0 lt 4.4.8

samba45
>= 4.5.0 lt 4.5.3

CVE-2016-2123
https://www.samba.org/samba/security/CVE-2016-2123.html
CVE-2016-2125
https://www.samba.org/samba/security/CVE-2016-2125.html
CVE-2016-2126
https://www.samba.org/samba/security/CVE-2016-2126.html
2826317b-10ec-11e7-944e-000c292e4fd8samba -- symlink race allows access outside share definition

Samba team reports:

A time-of-check, time-of-use race condition can allow clients to access non-exported parts of the file system via symlinks.


Discovery 2017-03-23
Entry 2017-03-24
samba36
>= 3.6.0 le 3.6.25_4

samba4
>= 4.0.0 le 4.0.26

samba41
>= 4.1.0 le 4.1.23

samba42
>= 4.2.0 le 4.2.14

samba43
>= 4.3.0 le 4.3.13

samba44
>= 4.4.0 lt 4.4.12

samba45
>= 4.5.0 lt 4.5.7

samba46
>= 4.6.0 lt 4.6.1

https://www.samba.org/samba/security/CVE-2017-2619.html
CVE-2017-2619
4729c849-4897-11e6-b704-000c292e4fd8samba -- client side SMB2/3 required signing can be downgraded

Samba team reports:

A man in the middle attack can disable client signing over SMB2/3, even if enforced by configuration parameters.


Discovery 2016-07-07
Entry 2016-07-13
samba4
>= 4.0.0 le 4.0.26

samba41
>= 4.1.0 le 4.1.23

samba42
>= 4.2.0 lt 4.2.14

samba43
>= 4.3.0 lt 4.3.11

samba44
>= 4.4.0 lt 4.4.5

CVE-2016-2119
https://www.samba.org/samba/security/CVE-2016-2119.html
a636fc26-00d9-11e6-b704-000c292e4fd8samba -- multiple vulnerabilities

Samba team reports:

[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks.

[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.

[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel's endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic.

[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections to no integrity protection.

[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://).

[CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured.

[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is the default for most the file server related protocols) is inherited from the underlying SMB connection.

[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic between a client and a server in order to impersonate the client and get the same privileges as the authenticated user account. This is most problematic against active directory domain controllers.


Discovery 2016-04-12
Entry 2016-04-12
Modified 2016-04-12
samba36
>= 3.6.0 le 3.6.25_3

samba4
>= 4.0.0 le 4.0.26

samba41
>= 4.1.0 le 4.1.23

samba42
>= 4.2.0 lt 4.2.11

samba43
>= 4.3.0 lt 4.3.8

samba44
>= 4.4.0 lt 4.4.2

CVE-2015-5370
https://www.samba.org/samba/security/CVE-2015-5370.html
CVE-2016-2110
https://www.samba.org/samba/security/CVE-2016-2110.html
CVE-2016-2111
https://www.samba.org/samba/security/CVE-2016-2111.html
CVE-2016-2112
https://www.samba.org/samba/security/CVE-2016-2112.html
CVE-2016-2113
https://www.samba.org/samba/security/CVE-2016-2113.html
CVE-2016-2114
https://www.samba.org/samba/security/CVE-2016-2114.html
CVE-2016-2115
https://www.samba.org/samba/security/CVE-2016-2115.html
CVE-2016-2118
https://www.samba.org/samba/security/CVE-2016-2118.html
ef434839-a6a4-11e5-8275-000c292e4fd8samba -- multiple vulnerabilities

Samba team reports:

[CVE-2015-3223] Malicious request can cause Samba LDAP server to hang, spinning using CPU.

[CVE-2015-5330] Malicious request can cause Samba LDAP server to return uninitialized memory that should not be part of the reply.

[CVE-2015-5296] Requesting encryption should also request signing when setting up the connection to protect against man-in-the-middle attacks.

[CVE-2015-5299] A missing access control check in the VFS shadow_copy2 module could allow unauthorized users to access snapshots.

[CVE-2015-7540] Malicious request can cause Samba LDAP server to return crash.

[CVE-2015-8467] Samba can expose Windows DCs to MS15-096 Denial of service via the creation of multiple machine accounts(The Microsoft issue is CVE-2015-2535).

[CVE-2015-5252] Insufficient symlink verification could allow data access outside share path.


Discovery 2015-12-16
Entry 2015-12-19
Modified 2016-02-05
samba36
>= 3.6.0 lt 3.6.25_2

samba4
>= 4.0.0 le 4.0.26

samba41
>= 4.1.0 lt 4.1.22

samba42
>= 4.2.0 lt 4.2.7

samba43
>= 4.3.0 lt 4.3.3

ldb
>= 1.0.0 lt 1.1.24

CVE-2015-3223
https://www.samba.org/samba/security/CVE-2015-3223.html
CVE-2015-5252
https://www.samba.org/samba/security/CVE-2015-5252.html
CVE-2015-5296
https://www.samba.org/samba/security/CVE-2015-5296.html
CVE-2015-5299
https://www.samba.org/samba/security/CVE-2015-5299.html
CVE-2015-5330
https://www.samba.org/samba/security/CVE-2015-5330.html
CVE-2015-7540
https://www.samba.org/samba/security/CVE-2015-7540.html
CVE-2015-8467
https://www.samba.org/samba/security/CVE-2015-8467.html