FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
ffcbd42d-a8c5-11dc-bec2-02e0185f8d72    samba -- buffer overflow vulnerability

Secunia Research reports:

Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "send_mailslot()" function. This can be exploited to cause a stack-based buffer overflow with zero bytes via a specially crafted "SAMLOGON" domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string. Successful exploitation allows execution of arbitrary code, but requires that the "domain logons" option is enabled.


Discovery 2007-12-10
Entry 2007-12-12
Modified 2008-09-26
Affected packages: samba, samba3, ja-samba
Affected versions: < 3.0.28; gt *,1 lt 3.0.28,1

CVE-2007-6015
http://secunia.com/advisories/27760/
2de14f7a-dad9-11d8-b59a-00061bc2ad93    Multiple Potential Buffer Overruns in Samba

Evgeny Demidov discovered that the Samba server has a buffer overflow in the Samba Web Administration Tool (SWAT) on decoding Base64 data during HTTP Basic Authentication. Versions 3.0.2 through 3.0.4 are affected.

Another buffer overflow bug has been found in the code used to support the "mangling method = hash" smb.conf option. The default setting for this parameter is "mangling method = hash2" and therefore not vulnerable. Versions between 2.2.0 through 2.2.9 and 3.0.0 through 3.0.4 are affected.


Discovery 2004-07-14
Entry 2004-07-21
Modified 2008-09-26
Affected packages: samba
Affected versions: gt 3.* lt 3.0.5; gt 3.*,1 lt 3.0.5,1; < 2.2.10
Affected packages: ja-samba
Affected versions: < 2.2.10.j1.0

CVE-2004-0600
CVE-2004-0686
http://www.securityfocus.com/archive/1/369698
http://www.securityfocus.com/archive/1/369706
http://www.samba.org/samba/whatsnew/samba-3.0.5.html
http://www.samba.org/samba/whatsnew/samba-2.2.10.html
http://www.osvdb.org/8190
http://www.osvdb.org/8191
http://secunia.com/advisories/12130
a63b15f9-97ff-11dc-9e48-0016179b2dd5    samba -- multiple vulnerabilities

The Samba Team reports:

Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf.

Samba developers have discovered what is believed to be a non-exploitable buffer over in nmbd during the processing of GETDC logon server requests. This code is only used when the Samba server is configured as a Primary or Backup Domain Controller.


Discovery 2007-11-15
Entry 2007-11-21
Modified 2008-09-26
Affected packages: samba, samba3, ja-samba
Affected versions: < 3.0.26a; gt *,1 lt 3.0.26a_2,1

26454
CVE-2007-4572
CVE-2007-5398
http://secunia.com/advisories/27450/
http://us1.samba.org/samba/security/CVE-2007-4572.html
http://us1.samba.org/samba/security/CVE-2007-5398.html
de16b056-132e-11d9-bc4a-000c41e2cdad    samba -- remote file disclosure

According to a Samba Team security notice:

A security vulnerability has been located in Samba 2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection.

The original notice for CAN-2004-0815 indicated that Samba 3.0.x <= 3.0.5 was vulnerable to the security issue. After further research, Samba developers have confirmed that only Samba 3.0.2a and earlier releases contain the exploitable code.


Discovery 2004-09-30
Entry 2004-09-30
Modified 2008-09-26
Affected packages: samba
Affected versions: < 2.2.12; gt 3.* le 3.0.2a; gt 3.*,1 le 3.0.2a_1,1
Affected packages: ja-samba
Affected versions: < 2.2.11.j1.0_1

CVE-2004-0815
http://www.samba.org/samba/news/#security_2.2.12
2bc96f18-683f-11dc-82b6-02e0185f8d72    samba -- nss_info plugin privilege escalation vulnerability

The Samba development team reports:

The idmap_ad.so library provides an nss_info extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf option to either "sfu" or "rfc2307".

Both the Windows "Identity Management for Unix" and "Services for Unix" MMC plug-ins allow a user to be assigned a primary group for Unix clients that differs from the user's Windows primary group. When the rfc2307 or sfu nss_info plugin has been enabled, in the absence of either the RFC2307 or SFU primary group attribute, Winbind will assign a primary group ID of 0 to the domain user queried using the getpwnam() C library call.


Discovery 2007-09-11
Entry 2007-09-21
Modified 2008-09-26
Affected packages: samba
Affected versions: < 3.0.26a; gt *,1 lt 3.0.26a,1

CVE-2007-4138
http://www.samba.org/samba/security/CVE-2007-4138.html
3b3676be-52e1-11d9-a9e7-0001020eed82    samba -- integer overflow vulnerability

Greg MacManus, iDEFENSE Labs reports:

Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.

Successful remote exploitation allows an attacker to gain root privileges on a vulnerable system. In order to exploit this vulnerability an attacker must possess credentials that allow access to a share on the Samba server. Unsuccessful exploitation attempts will cause the process serving the request to crash with signal 11, and may leave evidence of an attack in logs.


Discovery 2004-12-02
Entry 2004-12-21
Modified 2008-09-26
Affected packages: samba
Affected versions: < 3.0.10; gt *,1 lt 3.0.10,1
Affected packages: ja-samba
Affected versions: < 2.2.12.j1.0beta1_2; gt 3.* lt 3.0.10; gt 3.*,1 lt 3.0.10,1

CVE-2004-1154
http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities
http://www.samba.org/samba/security/CAN-2004-1154.html