Vulnerabilities > Samba
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-01-30 | CVE-2012-0817 | Information Exposure vulnerability in Samba 3.6.0/3.6.1/3.6.2 Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests. | 5.0 |
2011-10-02 | CVE-2011-2411 | Remote Code Execution vulnerability in HP NonStop Server Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors. | 9.0 |
2011-07-29 | CVE-2011-2522 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program. | 6.8 |
2011-04-10 | CVE-2011-1678 | Improper Input Validation vulnerability in Samba smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | 3.3 |
2011-03-01 | CVE-2011-0719 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd. | 5.0 |
2010-03-10 | CVE-2010-0728 | Permissions, Privileges, and Access Controls vulnerability in Samba 3.3.11/3.4.6/3.5.0 smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. | 8.5 |
2009-09-14 | CVE-2009-2813 | Permissions, Privileges, and Access Controls vulnerability in multiple products Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. | 6.0 |
2009-06-25 | CVE-2009-1888 | Permissions, Privileges, and Access Controls vulnerability in multiple products The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. | 5.8 |
2009-06-25 | CVE-2009-1886 | USE of Externally-Controlled Format String vulnerability in Samba Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. | 9.3 |
2009-01-05 | CVE-2009-0022 | Improper Input Validation vulnerability in Samba Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. | 6.3 |