Vulnerabilities > Samba

DATE CVE VULNERABILITY TITLE RISK
2019-12-31 CVE-2011-3585 Race Condition vulnerability in multiple products
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
local
high complexity
samba redhat CWE-362
4.7
2019-12-10 CVE-2019-14870 Improper Authentication vulnerability in multiple products
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable.
5.4
2019-12-10 CVE-2019-14861 Incorrect Default Permissions vulnerability in multiple products
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones.
5.3
2019-11-06 CVE-2019-14847 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10.
network
low complexity
samba opensuse fedoraproject CWE-476
4.9
2019-11-06 CVE-2019-14833 Weak Password Requirements vulnerability in multiple products
A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user.
network
low complexity
samba opensuse fedoraproject CWE-521
5.4
2019-11-06 CVE-2019-10218 Path Traversal vulnerability in multiple products
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators.
network
low complexity
samba fedoraproject CWE-22
6.5
2019-09-03 CVE-2019-10197 Path Traversal vulnerability in multiple products
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file.
network
low complexity
samba debian canonical CWE-22
critical
9.1
2019-08-05 CVE-2019-3800 Information Exposure vulnerability in multiple products
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag.
7.8
2019-07-31 CVE-2018-16860 Improperly Implemented Security Check for Standard vulnerability in multiple products
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode.
network
high complexity
samba heimdal-project CWE-358
7.5
2019-06-19 CVE-2019-12436 NULL Pointer Dereference vulnerability in multiple products
Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service.
network
low complexity
samba canonical CWE-476
6.5