Vulnerabilities (CVE)

Filtered by vendor Samba
Total 230 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0080 2 Redhat, Samba 2 Linux, Rsync 2024-11-20 2.1 LOW N/A
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
CVE-2001-1162 2 Hp, Samba 2 Cifs-9000 Server, Samba 2024-11-20 10.0 HIGH N/A
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
CVE-2001-0406 1 Samba 1 Samba 2024-11-20 2.1 LOW N/A
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
CVE-2000-0939 1 Samba 1 Samba 2024-11-20 5.0 MEDIUM N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart.
CVE-2000-0938 1 Samba 1 Samba 2024-11-20 5.0 MEDIUM N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.
CVE-2000-0937 1 Samba 1 Samba 2024-11-20 7.5 HIGH N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.
CVE-2000-0936 1 Samba 1 Samba 2024-11-20 2.1 LOW N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
CVE-2000-0935 1 Samba 1 Samba 2024-11-20 7.2 HIGH N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
CVE-1999-1288 4 Caldera, Redhat, Samba and 1 more 4 Openlinux, Linux, Samba and 1 more 2024-11-20 4.6 MEDIUM N/A
Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.
CVE-1999-0812 1 Samba 1 Samba 2024-11-20 7.6 HIGH N/A
Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations.
CVE-1999-0811 1 Samba 1 Samba 2024-11-20 5.0 MEDIUM N/A
Buffer overflow in Samba smbd program via a malformed message command.
CVE-1999-0810 1 Samba 1 Samba 2024-11-20 10.0 HIGH N/A
Denial of service in Samba NETBIOS name service daemon (nmbd).
CVE-1999-0182 1 Samba 1 Samba 2024-11-20 10.0 HIGH N/A
Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.
CVE-2023-42670 2 Fedoraproject, Samba 2 Fedora, Samba 2024-11-06 N/A 6.5 MEDIUM
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.
CVE-2020-14318 2 Redhat, Samba 3 Enterprise Linux, Storage, Samba 2024-10-29 4.0 MEDIUM 4.3 MEDIUM
A flaw was found in the way Samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
CVE-2022-3437 2 Fedoraproject, Samba 2 Fedora, Samba 2024-10-28 N/A 6.5 MEDIUM
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
CVE-2023-5568 1 Samba 1 Samba 2024-09-18 N/A 6.5 MEDIUM
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
CVE-2023-4091 3 Fedoraproject, Redhat, Samba 5 Fedora, Enterprise Linux, Enterprise Linux Eus and 2 more 2024-09-16 N/A 6.5 MEDIUM
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
CVE-2023-42669 2 Redhat, Samba 8 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Ibm Z Systems and 5 more 2024-09-16 N/A 6.5 MEDIUM
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
CVE-2023-3961 3 Fedoraproject, Redhat, Samba 5 Fedora, Enterprise Linux, Enterprise Linux Eus and 2 more 2024-09-16 N/A 9.8 CRITICAL
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR, LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, a client can send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.