Vulnerabilities > Samba > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-01-17 | CVE-2013-0172 | Permissions, Privileges, and Access Controls vulnerability in Samba 4.0.0: Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute. | 3.5 |
2011-04-10 | CVE-2011-1678 | Improper Input Validation vulnerability in Samba: smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | 3.3 |
2006-03-30 | CVE-2006-1059 | Local Information Disclosure vulnerability in Samba Machine Trust Account: The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain. | 1.2 |
2003-03-31 | CVE-2003-0086 | Unspecified vulnerability in Samba: The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown. | 1.2 |
2002-03-15 | CVE-2002-0080 | Improper Privilege Management vulnerability in multiple products: rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. | 2.1 |
2001-07-02 | CVE-2001-0406 | Symbolic Link vulnerability in Samba Insecure TMP file: Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. | 2.1 |
2000-12-19 | CVE-2000-0936 | Unspecified vulnerability in Samba 2.0.7: Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. | 2.1 |