This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Samba First view 1997-09-30
Product Samba Last view 2020-07-07
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:* 85
cpe:2.3:a:samba:samba:3.0.2:-:*:*:*:*:*:* 83
cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:* 83
cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:* 83
cpe:2.3:a:samba:samba:3.0.4:-:*:*:*:*:*:* 82
cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:* 82
cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:* 81
cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:* 80
cpe:2.3:a:samba:samba:3.0.21:-:*:*:*:*:*:* 80
cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:* 80
cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:* 80
cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:* 80
cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:* 80
cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:* 79
cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:* 79
cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:* 78
cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:* 78
cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:* 78
cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:* 78
cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:* 78
cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:* 77
cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:* 77
cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:* 77
cpe:2.3:a:samba:samba:3.0.20:-:*:*:*:*:*:* 77
cpe:2.3:a:samba:samba:3.0.14:-:*:*:*:*:*:* 77
cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:* 77
cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:* 77
cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:* 77
cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:* 77
cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:* 77
cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:* 77
cpe:2.3:a:samba:samba:3.0.23:-:*:*:*:*:*:* 76
cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:* 76
cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:* 76
cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:* 76
cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:* 76
cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:* 76
cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:* 76
cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:* 75
cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:* 75
cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:* 75
cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:* 75
cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:* 75
cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:* 75
cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:* 75
cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:* 75
cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:* 75
cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:* 75
cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:* 75
cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:* 75

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2020-07-07 CVE-2020-10745

A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.

6.5 2020-07-07 CVE-2020-10730

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

7.5 2020-07-06 CVE-2020-14303

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

6.5 2020-07-06 CVE-2020-10760

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

7.5 2020-05-06 CVE-2020-10704

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

5.3 2020-05-04 CVE-2020-10700

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

6.5 2020-01-21 CVE-2019-19344

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

6.5 2020-01-21 CVE-2019-14907

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

5.4 2020-01-21 CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

4.7 2019-12-31 CVE-2011-3585

Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.

5.4 2019-12-10 CVE-2019-14870

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.

5.3 2019-12-10 CVE-2019-14861

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.

4.9 2019-11-06 CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.

5.4 2019-11-06 CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

6.5 2019-11-06 CVE-2019-10218

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

9.1 2019-09-03 CVE-2019-10197

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

7.5 2019-07-31 CVE-2018-16860

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.

6.5 2019-06-19 CVE-2019-12436

Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.

6.5 2019-06-19 CVE-2019-12435

Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.

5.4 2019-04-09 CVE-2019-3880

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

6.1 2019-04-09 CVE-2019-3870

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.

6.5 2019-03-06 CVE-2019-3824

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

5.9 2018-11-28 CVE-2018-16857

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

5.9 2018-11-28 CVE-2018-16853

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.

4.4 2018-11-28 CVE-2018-16852

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
15% (17) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
13% (15) CWE-264 Permissions, Privileges, and Access Controls
11% (13) CWE-20 Improper Input Validation
7% (8) CWE-476 NULL Pointer Dereference
5% (6) CWE-254 Security Features
5% (6) CWE-200 Information Exposure
4% (5) CWE-416 Use After Free
3% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (3) CWE-310 Cryptographic Issues
2% (3) CWE-189 Numeric Errors
1% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (2) CWE-399 Resource Management Errors
1% (2) CWE-362 Race Condition
1% (2) CWE-358 Improperly Implemented Security Check for Standard
1% (2) CWE-352 Cross-Site Request Forgery (CSRF)
1% (2) CWE-284 Access Control (Authorization) Issues
1% (2) CWE-134 Uncontrolled Format String
1% (2) CWE-125 Out-of-bounds Read
1% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (1) CWE-522 Insufficiently Protected Credentials
0% (1) CWE-521 Weak Password Requirements
0% (1) CWE-415 Double Free
0% (1) CWE-345 Insufficient Verification of Data Authenticity
0% (1) CWE-287 Improper Authentication

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-47 Buffer Overflow via Parameter Expansion

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:1467 Samba Encrypted Password DoS
oval:org.mitre.oval:def:552 SMB/CIFS Packet Fragment Re-assembly BO
oval:org.mitre.oval:def:554 Samba Arbitrary File Overwrite Vulnerability
oval:org.mitre.oval:def:564 Multiple Buffer Overflows in Samba
oval:org.mitre.oval:def:567 BO in Samba call_trans2open Function
oval:org.mitre.oval:def:2163 Samba call_trans2open() Buffer Overflow
oval:org.mitre.oval:def:827 Samba mksmboasswd Disabled Account Creation Vulnerability
oval:org.mitre.oval:def:10675 The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when ...
oval:org.mitre.oval:def:11445 Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to...
oval:org.mitre.oval:def:10461 Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangli...
oval:org.mitre.oval:def:11141 Samba 3.0.6 and earlier allows remote attackers to cause a denial of service ...
oval:org.mitre.oval:def:10344 The process_logon_packet function in the nmbd server for Samba 3.0.6 and earl...
oval:org.mitre.oval:def:9969 Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3...
oval:org.mitre.oval:def:10936 The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions ...
oval:org.mitre.oval:def:642 HP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.02)
oval:org.mitre.oval:def:1459 HP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.01)
oval:org.mitre.oval:def:10236 Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3....
oval:org.mitre.oval:def:11355 The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote ...
oval:org.mitre.oval:def:9758 smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to caus...
oval:org.mitre.oval:def:21734 ELSA-2007:0061: samba security update (Moderate)
oval:org.mitre.oval:def:11415 Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0....
oval:org.mitre.oval:def:20051 DSA-1291-2 samba
oval:org.mitre.oval:def:10062 The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remo...
oval:org.mitre.oval:def:22405 ELSA-2007:0354: samba security update (Critical)
oval:org.mitre.oval:def:10375 The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba ...

SAINT Exploits

Description Link
Samba call_trans2open buffer overflow More info here
Samba shared library upload and execution More info here
Samba lsa_io_trans_names buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
76058 Samba mtab Lock File Handling Local DoS
75671 HP NonStop Server Unspecified Remote Code Execution
74872 Samba smbfs mount.cifs / umount.cifs RLIMIT_FSIZE Value Handling mtab Local C...
74871 Samba mount.cifs Tool Share / Directory Name Newline Injection mtab Corruptio...
74072 Samba SWAT Change Password Page user Field XSS
74071 Samba SWAT Multiple Function CSRF
71268 Samba FD_SET Macro Memory Corruption
67994 Samba sid_parse() Function SID Parsing Remote Overflow
65518 Samba smbd process.c chain_reply Function SMB1 Packet Chaining Memory Corruption
65436 Samba smbd sesssetup.c Session Setup AndX Security Blob Length Value Uninitia...
65435 Samba smbd process.c chain_reply Function Session Setup AndX Request NULL Der...
62803 Samba CAP_DAC_OVERRIDE Capability Flag File Permission Restriction Bypass
62186 Samba mount.cifs Symlink Arbitrary File Access
62155 Samba smbfs mount.cifs client/mount.cifs.c Crafted String mtab Corruption Loc...
62145 Samba Guest Account Symlink Traversal Arbitrary File Access
59810 Samba reply_nttrans Function Remote Overflow
59350 Samba Web Administration Tool (SWAT) Malformed HTTP Request Saturation Remote...
58520 Samba SUID mount.cifs --verbose Argument Arbitrary File Portion Disclosure
58519 Samba smbd Crafted SMB Request Remote CPU Consumption DoS
57955 Samba Unconfigured Home Directory Windows File Share Directory Access Restric...
55412 Samba smbclient client/client.c Filename Specifiers Multiple Format Strings
55411 Samba smbd/posix_acls.c acl_group_override Function Remote Access Control Lis...
51152 Samba Crafted Connection Request Remote Root File System Access
50230 Samba smbd *trans* Request Arbitrary Remote Memory Disclosure
47786 Samba group_mapping.tdb Permission Weakness Privilege Escalation

ExploitDB Exploits

id Description
27778 Samba nttrans Reply - Integer Overflow Vulnerability
17577 SWAT Samba Web Administration Tool Cross-Site Request Forgery PoC
16320 Samba "username map script" Command Execution

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0507-1 (update)
File : nvt/gb_suse_2012_0507_1.nasl
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0583-1 (update)
File : nvt/gb_suse_2012_0583_1.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-210-03 samba
File : nvt/esoft_slk_ssa_2011_210_03.nasl
2012-08-30 Name : Fedora Update for samba FEDORA-2012-5793
File : nvt/gb_fedora_2012_5793_samba_fc17.nasl
2012-08-30 Name : Fedora Update for samba FEDORA-2012-6981
File : nvt/gb_fedora_2012_6981_samba_fc17.nasl
2012-08-30 Name : Fedora Update for evolution-mapi FEDORA-2012-7317
File : nvt/gb_fedora_2012_7317_evolution-mapi_fc17.nasl
2012-08-30 Name : Fedora Update for openchange FEDORA-2012-7317
File : nvt/gb_fedora_2012_7317_openchange_fc17.nasl
2012-08-30 Name : Fedora Update for samba4 FEDORA-2012-7317
File : nvt/gb_fedora_2012_7317_samba4_fc17.nasl
2012-08-23 Name : distcc Remote Code Execution Vulnerability
File : nvt/gb_distcc_cve_2004_2687.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-22 (Samba)
File : nvt/glsa_201206_22.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-29 (mount-cifs)
File : nvt/glsa_201206_29.nasl
2012-08-03 Name : Mandriva Update for samba MDVSA-2012:055 (samba)
File : nvt/gb_mandriva_MDVSA_2012_055.nasl
2012-08-03 Name : Mandriva Update for samba MDVSA-2012:067 (samba)
File : nvt/gb_mandriva_MDVSA_2012_067.nasl
2012-08-02 Name : SuSE Update for samba openSUSE-SU-2012:0508-1 (samba)
File : nvt/gb_suse_2012_0508_1.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2011:0305 centos5 x86_64
File : nvt/gb_CESA-2011_0305_libsmbclient_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for samba3x CESA-2011:0306 centos5 x86_64
File : nvt/gb_CESA-2011_0306_samba3x_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64
File : nvt/gb_CESA-2011_1219_libsmbclient_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for samba CESA-2011:1219 centos4 x86_64
File : nvt/gb_CESA-2011_1219_samba_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for samba3x CESA-2011:1220 centos5 x86_64
File : nvt/gb_CESA-2011_1220_samba3x_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for samba CESA-2012:0332 centos4
File : nvt/gb_CESA-2012_0332_samba_centos4.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2012:0465 centos5
File : nvt/gb_CESA-2012_0465_libsmbclient_centos5.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2012:0465 centos6
File : nvt/gb_CESA-2012_0465_libsmbclient_centos6.nasl
2012-07-30 Name : CentOS Update for samba3x CESA-2012:0466 centos5
File : nvt/gb_CESA-2012_0466_samba3x_centos5.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2012:0533 centos6
File : nvt/gb_CESA-2012_0533_libsmbclient_centos6.nasl
2012-07-30 Name : CentOS Update for samba3x CESA-2012:0533 centos5
File : nvt/gb_CESA-2012_0533_samba3x_centos5.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0083 Multiple Vulnerabilities in IBM Storwize V7000 Unified
Severity: Category I - VMSKEY: V0060983
2015-A-0042 Samba Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0058919
2014-B-0105 Samba Remote Code Execution
Severity: Category I - VMSKEY: V0053637
2014-B-0067 Multiple Vulnerabilities in Samba
Severity: Category I - VMSKEY: V0051853
2013-B-0131 Multiple Vulnerabilities in Samba
Severity: Category I - VMSKEY: V0042303
2013-B-0082 Samba Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0039910
2012-A-0020 Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity: Category I - VMSKEY: V0031252

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 SMB NT Trans Secondary unicode andx Param Count overflow attempt
RuleID : 6713 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans Secondary andx Param Count overflow attempt
RuleID : 6712 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt
RuleID : 6711 - Type : NETBIOS - Revision : 4
2014-01-10 SMB-DS NT Trans Secondary andx Param Count overflow attempt
RuleID : 6710 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans Secondary unicode andx Param Count overflow attempt
RuleID : 6709 - Type : NETBIOS - Revision : 3
2014-01-10 SMB NT Trans Secondary andx Param Count overflow attempt
RuleID : 6708 - Type : NETBIOS - Revision : 3
2014-01-10 SMB NT Trans Secondary unicode Param Count overflow attempt
RuleID : 6707 - Type : NETBIOS - Revision : 5
2014-01-10 SMB NT Trans Secondary Param Count overflow attempt
RuleID : 6706 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS NT Trans Secondary unicode Param Count overflow attempt
RuleID : 6705 - Type : NETBIOS - Revision : 4
2014-01-10 SMB-DS NT Trans Secondary Param Count overflow attempt
RuleID : 6704 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans Secondary unicode Param Count overflow attempt
RuleID : 6703 - Type : NETBIOS - Revision : 3
2014-01-10 SMB NT Trans Secondary Param Count overflow attempt
RuleID : 6702 - Type : NETBIOS - Revision : 2
2019-02-04 Samba is_known_pipe arbitrary module load code execution attempt
RuleID : 49090-community - Type : SERVER-SAMBA - Revision : 1
2019-03-07 Samba is_known_pipe arbitrary module load code execution attempt
RuleID : 49090 - Type : SERVER-SAMBA - Revision : 1
2018-07-03 Possible Samba internal DNS forged response
RuleID : 46848 - Type : INDICATOR-COMPROMISE - Revision : 2
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt
RuleID : 4674 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt
RuleID : 4673 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt
RuleID : 4672 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans NT SET SECURITY DESC DACL overflow attempt
RuleID : 4671 - Type : NETBIOS - Revision : 4
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt
RuleID : 4670 - Type : NETBIOS - Revision : 3
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC unicode DACL overflow attempt
RuleID : 4669 - Type : NETBIOS - Revision : 3
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow attempt
RuleID : 4668 - Type : NETBIOS - Revision : 3
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC DACL overflow attempt
RuleID : 4667 - Type : NETBIOS - Revision : 3
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt
RuleID : 4666 - Type : NETBIOS - Revision : 2
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt
RuleID : 4665 - Type : NETBIOS - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-bc22d6c7bc.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c2a93f8e1b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e423e8743f.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1126.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3056.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Debian host is missing a security update.
File: debian_DLA-1607.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-333-01.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4345.nasl - Type: ACT_GATHER_INFO
2018-11-28 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_54976998f24811e881e2005056a311d1.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2789.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2791.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1238.nasl - Type: ACT_GATHER_INFO
2018-08-22 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8e4d871867.nasl - Type: ACT_GATHER_INFO
2018-08-20 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-229-02.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4271.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_c4e9a4279fc211e8802a000c29a1e3ec.nasl - Type: ACT_GATHER_INFO
2018-06-22 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1860.nasl - Type: ACT_GATHER_INFO
2018-06-22 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1883.nasl - Type: ACT_GATHER_INFO
2018-05-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201805-07.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1320.nasl - Type: ACT_GATHER_INFO
2018-03-21 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7d0acd608b.nasl - Type: ACT_GATHER_INFO
2018-03-15 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-c5c651ac44.nasl - Type: ACT_GATHER_INFO
2018-03-14 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-072-02.nasl - Type: ACT_GATHER_INFO
2018-03-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4135.nasl - Type: ACT_GATHER_INFO