Samba

Samba

211 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.9

CVE-2007-4138

  • EPSS 0.12%
  • Published 14.09.2007 01:17:00
  • Last modified 09.04.2025 00:30:58

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for ...

7.2

CVE-2007-2444

  • EPSS 1.38%
  • Published 14.05.2007 21:19:00
  • Last modified 09.04.2025 00:30:58

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to ...

10

CVE-2007-2446

  • EPSS 77.95%
  • Published 14.05.2007 21:19:00
  • Last modified 09.04.2025 00:30:58

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notif...

6

CVE-2007-2447

  • EPSS 60.9%
  • Published 14.05.2007 21:19:00
  • Last modified 09.04.2025 00:30:58

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled,...

6.8

CVE-2007-0452

  • EPSS 2.19%
  • Published 06.02.2007 02:28:00
  • Last modified 09.04.2025 00:30:58

smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infi...

4.6

CVE-2007-0453

  • EPSS 0.53%
  • Published 06.02.2007 02:28:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.

7.5

CVE-2007-0454

  • EPSS 4.41%
  • Published 06.02.2007 02:28:00
  • Last modified 09.04.2025 00:30:58

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during...

5

CVE-2006-3403

  • EPSS 29.76%
  • Published 12.07.2006 19:05:00
  • Last modified 03.04.2025 01:03:51

The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.

1.2

CVE-2006-1059

  • EPSS 0.46%
  • Published 30.03.2006 17:06:00
  • Last modified 03.04.2025 01:03:51

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.

10

CVE-2004-0882

  • EPSS 33.01%
  • Published 27.01.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.