Vulnerabilities > Samba > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-26 CVE-2017-12150 It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled.
network
high complexity
samba redhat debian
7.4
2018-07-26 CVE-2017-12163 An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8.
low complexity
samba redhat debian
7.1
2018-03-13 CVE-2018-1057 Incorrect Authorization vulnerability in multiple products
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
network
low complexity
debian canonical samba CWE-863
8.8
2018-03-12 CVE-2017-2619 Link Following vulnerability in multiple products
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
network
high complexity
samba redhat debian CWE-59
7.5
2018-01-17 CVE-2018-5764 The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
network
low complexity
samba debian canonical
7.5
2017-11-27 CVE-2017-15275 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
network
low complexity
samba redhat debian canonical CWE-119
7.5
2017-07-13 CVE-2017-11103 Insufficient Verification of Data Authenticity vulnerability in multiple products
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification.
network
high complexity
heimdal-project freebsd samba apple debian CWE-345
8.1
2016-07-07 CVE-2016-2119 Code Injection vulnerability in Samba
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
network
high complexity
samba CWE-94
7.5
2016-04-25 CVE-2016-2113 Cryptographic Issues vulnerability in multiple products
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.
network
high complexity
samba canonical CWE-310
7.4
2016-04-12 CVE-2016-2118 7PK - Security Features vulnerability in multiple products
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
network
high complexity
samba canonical debian CWE-254
7.5