Vulnerabilities > Samba

DATE CVE VULNERABILITY TITLE RISK
2012-01-30 CVE-2012-0817 Information Exposure vulnerability in Samba 3.6.0/3.6.1/3.6.2
Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.
network
low complexity
samba CWE-200
5.0
2011-10-02 CVE-2011-2411 Remote Code Execution vulnerability in HP NonStop Server
Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.
network
low complexity
samba hp
critical
9.0
2011-07-29 CVE-2011-2522 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
6.8
2011-04-10 CVE-2011-1678 Improper Input Validation vulnerability in Samba
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
local
samba CWE-20
3.3
2011-03-01 CVE-2011-0719 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
network
low complexity
samba CWE-119
5.0
2010-03-10 CVE-2010-0728 Permissions, Privileges, and Access Controls vulnerability in Samba 3.3.11/3.4.6/3.5.0
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
network
samba CWE-264
8.5
2009-09-14 CVE-2009-2813 Permissions, Privileges, and Access Controls vulnerability in multiple products
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
6.0
2009-06-25 CVE-2009-1888 Permissions, Privileges, and Access Controls vulnerability in multiple products
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
5.8
2009-06-25 CVE-2009-1886 USE of Externally-Controlled Format String vulnerability in Samba
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
network
samba CWE-134
critical
9.3
2009-01-05 CVE-2009-0022 Improper Input Validation vulnerability in Samba
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.
network
samba CWE-20
6.3