Vulnerabilities > Samba > Samba > 3.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-11-16 | CVE-2007-5398 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | 9.3 |
| 2007-11-16 | CVE-2007-4572 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. | 9.3 |
| 2007-05-14 | CVE-2007-2447 | Remote Shell Command Execution vulnerability in Samba MS-RPC The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. network samba | 6.0 |
| 2007-05-14 | CVE-2007-2446 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). | 10.0 |
| 2006-07-12 | CVE-2006-3403 | Denial of Service vulnerability in Samba Internal Data Structures The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. | 5.0 |
| 2005-01-27 | CVE-2004-0882 | Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. | 10.0 |
| 2005-01-10 | CVE-2004-1154 | Remote Integer Overflow vulnerability in Samba Directory Access Control List Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. | 10.0 |
| 2004-12-31 | CVE-2004-2546 | Denial-Of-Service vulnerability in Samba Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). | 6.4 |
| 2004-12-31 | CVE-2004-0808 | Unspecified vulnerability in Samba The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. | 5.0 |
| 2004-11-03 | CVE-2004-0815 | Remote Arbitrary File Access vulnerability in Samba The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. | 7.5 |