Vulnerabilities > Samba

DATE CVE VULNERABILITY TITLE RISK
2008-12-01 CVE-2008-4314 Information Exposure vulnerability in Samba
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.
network
low complexity
samba CWE-200
8.5
2008-05-29 CVE-2008-1105 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
network
low complexity
samba canonical debian CWE-119
7.5
2007-12-13 CVE-2007-6015 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
network
samba CWE-119
critical
9.3
2007-11-16 CVE-2007-5398 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.
network
samba CWE-119
critical
9.3
2007-11-16 CVE-2007-4572 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.
network
samba CWE-119
critical
9.3
2007-09-14 CVE-2007-4138 Permissions, Privileges, and Access Controls vulnerability in Samba
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
local
samba CWE-264
6.9
2007-08-03 CVE-2007-2407 Multiple Security vulnerability in Apple Mac OS X 2007-007
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota.
network
low complexity
apple samba
4.0
2007-05-14 CVE-2007-2447 Remote Shell Command Execution vulnerability in Samba MS-RPC
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
network
samba
6.0
2007-05-14 CVE-2007-2446 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
network
low complexity
samba CWE-119
critical
10.0
2007-05-14 CVE-2007-2444 Improper Privilege Management vulnerability in multiple products
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
local
low complexity
samba debian canonical CWE-269
7.2