Vulnerabilities > Samba > Samba > 3.0.20b
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-05-29 | CVE-2008-1105 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. | 7.5 |
2007-12-13 | CVE-2007-6015 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. | 9.3 |
2007-11-16 | CVE-2007-5398 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | 9.3 |
2007-11-16 | CVE-2007-4572 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. | 9.3 |
2007-05-14 | CVE-2007-2447 | Remote Shell Command Execution vulnerability in Samba MS-RPC The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. network samba | 6.0 |
2007-05-14 | CVE-2007-2446 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). | 10.0 |
2007-02-06 | CVE-2007-0454 | USE of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. | 7.5 |
2007-02-06 | CVE-2007-0452 | Denial of Service vulnerability in Samba Deferred CIFS File Open smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. | 6.8 |
2006-07-12 | CVE-2006-3403 | Denial of Service vulnerability in Samba Internal Data Structures The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. | 5.0 |