Samba

Samba

217 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.85%
  • Veröffentlicht 19.06.2019 12:15:10
  • Zuletzt bearbeitet 21.11.2024 04:22:50

Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.

Exploit
  • EPSS 0.55%
  • Veröffentlicht 09.04.2019 16:29:01
  • Zuletzt bearbeitet 14.01.2025 19:29:55

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700,...

  • EPSS 3.39%
  • Veröffentlicht 09.04.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:47

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation...

  • EPSS 2.82%
  • Veröffentlicht 06.03.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:37

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of ...

Exploit
  • EPSS 5.19%
  • Veröffentlicht 28.11.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:27

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denia...

  • EPSS 4.59%
  • Veröffentlicht 28.11.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:25

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validl...

  • EPSS 3.25%
  • Veröffentlicht 28.11.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:26

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory obj...

  • EPSS 2.23%
  • Veröffentlicht 28.11.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:26

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZO...

  • EPSS 3.08%
  • Veröffentlicht 28.11.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:27

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samb...

  • EPSS 2.3%
  • Veröffentlicht 28.11.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:27

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this...