Vulnerabilities > Samba > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-25 | CVE-2009-1886 | USE of Externally-Controlled Format String vulnerability in Samba Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. | 9.3 |
2007-12-13 | CVE-2007-6015 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. | 9.3 |
2007-11-16 | CVE-2007-5398 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | 9.3 |
2007-11-16 | CVE-2007-4572 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. | 9.3 |
2007-05-14 | CVE-2007-2446 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). | 10.0 |
2005-01-27 | CVE-2004-0882 | Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. | 10.0 |
2005-01-10 | CVE-2004-1154 | Remote Integer Overflow vulnerability in Samba Directory Access Control List Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. | 10.0 |
2004-12-31 | CVE-2004-2687 | Configuration vulnerability in multiple products distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. | 9.3 |
2004-07-27 | CVE-2004-0600 | Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication. | 10.0 |
2003-05-05 | CVE-2003-0201 | Remote Buffer Overflow vulnerability in Samba 'call_trans2open' Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. | 10.0 |