Vulnerabilities > Samba

DATE CVE VULNERABILITY TITLE RISK
2017-12-06 CVE-2017-17433 Missing Authorization vulnerability in multiple products
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.
network
high complexity
debian samba CWE-862
3.7
2017-11-27 CVE-2017-15275 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
network
low complexity
samba redhat debian canonical CWE-119
7.5
2017-11-27 CVE-2017-14746 Use After Free vulnerability in multiple products
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
network
low complexity
samba redhat debian canonical CWE-416
critical
9.8
2017-11-06 CVE-2017-16548 Out-of-bounds Read vulnerability in multiple products
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
network
low complexity
samba debian canonical CWE-125
critical
9.8
2017-10-29 CVE-2017-15994 Improper Validation of Integrity Check Value vulnerability in Samba Rsync
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions.
network
low complexity
samba CWE-354
critical
9.8
2017-07-13 CVE-2017-11103 Insufficient Verification of Data Authenticity vulnerability in multiple products
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification.
network
high complexity
heimdal-project freebsd samba apple debian CWE-345
8.1
2017-06-06 CVE-2017-9461 Infinite Loop vulnerability in multiple products
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
network
low complexity
samba redhat debian CWE-835
6.5
2017-05-30 CVE-2017-7494 Code Injection vulnerability in multiple products
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
network
low complexity
samba debian CWE-94
critical
9.8
2017-05-11 CVE-2016-2126 Permissions, Privileges, and Access Controls vulnerability in Samba
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum.
network
low complexity
samba CWE-264
6.5
2016-07-07 CVE-2016-2119 Code Injection vulnerability in Samba
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
network
high complexity
samba CWE-94
7.5