Samba

Samba

217 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.41%
  • Veröffentlicht 03.11.2023 13:15:08
  • Zuletzt bearbeitet 21.11.2024 08:18:24

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services ...

  • EPSS 1.17%
  • Veröffentlicht 03.11.2023 08:15:08
  • Zuletzt bearbeitet 21.11.2024 08:34:22

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows openi...

  • EPSS 1.1%
  • Veröffentlicht 03.11.2023 08:15:07
  • Zuletzt bearbeitet 21.11.2024 08:22:55

A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intende...

  • EPSS 1.57%
  • Veröffentlicht 25.10.2023 18:17:43
  • Zuletzt bearbeitet 21.11.2024 08:42:02

A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.

  • EPSS 1.53%
  • Veröffentlicht 20.07.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 07:00:22

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable ...

  • EPSS 62.02%
  • Veröffentlicht 20.07.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 08:07:44

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that c...

  • EPSS 62.61%
  • Veröffentlicht 20.07.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 08:07:44

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be an...

  • EPSS 1.19%
  • Veröffentlicht 20.07.2023 15:15:11
  • Zuletzt bearbeitet 06.12.2024 11:15:05

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attack...

  • EPSS 0.39%
  • Veröffentlicht 20.07.2023 15:15:11
  • Zuletzt bearbeitet 06.12.2024 11:15:06

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This ...

  • EPSS 0.48%
  • Veröffentlicht 03.04.2023 23:15:07
  • Zuletzt bearbeitet 13.02.2025 15:15:12

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.