FreshPorts - VuXML

Samba team reports:

[CVE-2016-2123] Authenticated users can supply malicious dnsRecord attributes on DNS objects and trigger a controlled memory corruption.

[CVE-2016-2125] Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to fully impersonate the authenticated user or service.

[CVE-2016-2126] A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.

>= 3.6.0 le 3.6.25_4

>= 4.0.0 le 4.0.26

>= 4.1.0 le 4.1.23

>= 4.2.0 le 4.2.14

>= 4.3.0 lt 4.3.13

>= 4.4.0 lt 4.4.8

>= 4.5.0 lt 4.5.3

Samba team reports:

A time-of-check, time-of-use race condition can allow clients to access non-exported parts of the file system via symlinks.

>= 3.6.0 le 3.6.25_4

>= 4.0.0 le 4.0.26

>= 4.1.0 le 4.1.23

>= 4.2.0 le 4.2.14

>= 4.3.0 le 4.3.13

>= 4.4.0 lt 4.4.12

>= 4.5.0 lt 4.5.7

>= 4.6.0 lt 4.6.1

Samba team reports:

A man in the middle attack can disable client signing over SMB2/3, even if enforced by configuration parameters.

>= 4.0.0 le 4.0.26

>= 4.1.0 le 4.1.23

>= 4.2.0 lt 4.2.14

>= 4.3.0 lt 4.3.11

>= 4.4.0 lt 4.4.5

Samba team reports:

[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks.

[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.

[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel's endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic.

[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections to no integrity protection.

[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://).

[CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured.

[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is the default for most the file server related protocols) is inherited from the underlying SMB connection.

[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic between a client and a server in order to impersonate the client and get the same privileges as the authenticated user account. This is most problematic against active directory domain controllers.

>= 3.6.0 le 3.6.25_3

>= 4.0.0 le 4.0.26

>= 4.1.0 le 4.1.23

>= 4.2.0 lt 4.2.11

>= 4.3.0 lt 4.3.8

>= 4.4.0 lt 4.4.2

Samba team reports:

[CVE-2015-3223] Malicious request can cause Samba LDAP server to hang, spinning using CPU.

[CVE-2015-5330] Malicious request can cause Samba LDAP server to return uninitialized memory that should not be part of the reply.

[CVE-2015-5296] Requesting encryption should also request signing when setting up the connection to protect against man-in-the-middle attacks.

[CVE-2015-5299] A missing access control check in the VFS shadow_copy2 module could allow unauthorized users to access snapshots.

[CVE-2015-7540] Malicious request can cause Samba LDAP server to return crash.

[CVE-2015-8467] Samba can expose Windows DCs to MS15-096 Denial of service via the creation of multiple machine accounts(The Microsoft issue is CVE-2015-2535).

[CVE-2015-5252] Insufficient symlink verification could allow data access outside share path.

>= 3.6.0 lt 3.6.25_2

>= 4.0.0 le 4.0.26

>= 4.1.0 lt 4.1.22

>= 4.2.0 lt 4.2.7

>= 4.3.0 lt 4.3.3

>= 1.0.0 lt 1.1.24