This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Samba First view 2009-06-24
Product Samba Last view 2022-08-29
Version 3.2.7 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:samba:samba

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2022-08-29 CVE-2022-0336

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.

5.4 2022-08-25 CVE-2022-32746

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.

8.1 2022-08-25 CVE-2022-32745

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.

8.8 2022-08-25 CVE-2022-32744

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

4.3 2022-08-25 CVE-2022-32742

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

8.8 2022-08-25 CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

6.8 2022-08-23 CVE-2021-20316

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

8.8 2022-03-16 CVE-2020-25721

Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.

8.8 2022-03-02 CVE-2021-3738

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access.

7.5 2022-03-02 CVE-2021-23192

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

8.8 2022-02-21 CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

4.3 2022-02-21 CVE-2021-44141

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

8.8 2022-02-18 CVE-2020-25722

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.

7.2 2022-02-18 CVE-2020-25719

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

8.8 2022-02-18 CVE-2020-25718

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.

8.1 2022-02-18 CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

5.9 2022-02-18 CVE-2016-2124

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

2.5 2022-01-11 CVE-2021-43566

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.

6.5 2021-10-12 CVE-2021-3671

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.

7.5 2021-05-12 CVE-2021-20277

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

7.5 2021-05-12 CVE-2020-27840

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.

6.8 2021-05-05 CVE-2021-20254

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

4.3 2020-12-03 CVE-2020-14318

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

6.5 2020-12-02 CVE-2020-14383

A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.

7.2 2020-11-11 CVE-2020-17049

Kerberos Security Feature Bypass Vulnerability

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
10% (11) CWE-20 Improper Input Validation
9% (10) CWE-476 NULL Pointer Dereference
7% (8) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (7) CWE-416 Use After Free
5% (6) CWE-264 Permissions, Privileges, and Access Controls
5% (6) CWE-125 Out-of-bounds Read
4% (5) CWE-254 Security Features
2% (3) CWE-362 Race Condition
2% (3) CWE-287 Improper Authentication
2% (3) CWE-276 Incorrect Default Permissions
2% (3) CWE-200 Information Exposure
2% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (2) CWE-787 Out-of-bounds Write
1% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (2) CWE-358 Improperly Implemented Security Check for Standard
1% (2) CWE-352 Cross-Site Request Forgery (CSRF)
1% (2) CWE-284 Access Control (Authorization) Issues
1% (2) CWE-189 Numeric Errors
1% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (1) CWE-674 Uncontrolled Recursion
0% (1) CWE-665 Improper Initialization
0% (1) CWE-522 Insufficiently Protected Credentials
0% (1) CWE-415 Double Free

SAINT Exploits

Description Link
Samba shared library upload and execution More info here

Open Source Vulnerability Database (OSVDB)

id Description
74872 Samba smbfs mount.cifs / umount.cifs RLIMIT_FSIZE Value Handling mtab Local C...
74871 Samba mount.cifs Tool Share / Directory Name Newline Injection mtab Corruptio...
74072 Samba SWAT Change Password Page user Field XSS
74071 Samba SWAT Multiple Function CSRF
71268 Samba FD_SET Macro Memory Corruption
67994 Samba sid_parse() Function SID Parsing Remote Overflow
65518 Samba smbd process.c chain_reply Function SMB1 Packet Chaining Memory Corruption
65436 Samba smbd sesssetup.c Session Setup AndX Security Blob Length Value Uninitia...
65435 Samba smbd process.c chain_reply Function Session Setup AndX Request NULL Der...
62155 Samba smbfs mount.cifs client/mount.cifs.c Crafted String mtab Corruption Loc...
58520 Samba SUID mount.cifs --verbose Argument Arbitrary File Portion Disclosure
58519 Samba smbd Crafted SMB Request Remote CPU Consumption DoS
57955 Samba Unconfigured Home Directory Windows File Share Directory Access Restric...
55412 Samba smbclient client/client.c Filename Specifiers Multiple Format Strings
55411 Samba smbd/posix_acls.c acl_group_override Function Remote Access Control Lis...

ExploitDB Exploits

id Description
27778 Samba nttrans Reply - Integer Overflow Vulnerability
17577 SWAT Samba Web Administration Tool Cross-Site Request Forgery PoC

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0507-1 (update)
File : nvt/gb_suse_2012_0507_1.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-210-03 samba
File : nvt/esoft_slk_ssa_2011_210_03.nasl
2012-08-30 Name : Fedora Update for samba FEDORA-2012-5793
File : nvt/gb_fedora_2012_5793_samba_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-22 (Samba)
File : nvt/glsa_201206_22.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-29 (mount-cifs)
File : nvt/glsa_201206_29.nasl
2012-08-03 Name : Mandriva Update for samba MDVSA-2012:055 (samba)
File : nvt/gb_mandriva_MDVSA_2012_055.nasl
2012-08-02 Name : SuSE Update for samba openSUSE-SU-2012:0508-1 (samba)
File : nvt/gb_suse_2012_0508_1.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2011:0305 centos5 x86_64
File : nvt/gb_CESA-2011_0305_libsmbclient_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for samba3x CESA-2011:0306 centos5 x86_64
File : nvt/gb_CESA-2011_0306_samba3x_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64
File : nvt/gb_CESA-2011_1219_libsmbclient_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for samba CESA-2011:1219 centos4 x86_64
File : nvt/gb_CESA-2011_1219_samba_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for samba3x CESA-2011:1220 centos5 x86_64
File : nvt/gb_CESA-2011_1220_samba3x_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2012:0465 centos5
File : nvt/gb_CESA-2012_0465_libsmbclient_centos5.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2012:0465 centos6
File : nvt/gb_CESA-2012_0465_libsmbclient_centos6.nasl
2012-07-30 Name : CentOS Update for samba3x CESA-2012:0466 centos5
File : nvt/gb_CESA-2012_0466_samba3x_centos5.nasl
2012-07-09 Name : RedHat Update for samba and cifs-utils RHSA-2011:1221-01
File : nvt/gb_RHSA-2011_1221-01_samba_and_cifs-utils.nasl
2012-05-18 Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-05-17 Name : Fedora Update for samba4 FEDORA-2012-6382
File : nvt/gb_fedora_2012_6382_samba4_fc16.nasl
2012-05-04 Name : Fedora Update for samba4 FEDORA-2012-6349
File : nvt/gb_fedora_2012_6349_samba4_fc15.nasl
2012-05-04 Name : Fedora Update for samba FEDORA-2012-6999
File : nvt/gb_fedora_2012_6999_samba_fc15.nasl
2012-05-04 Name : Fedora Update for samba FEDORA-2012-7006
File : nvt/gb_fedora_2012_7006_samba_fc16.nasl
2012-04-30 Name : Debian Security Advisory DSA 2450-1 (samba)
File : nvt/deb_2450_1.nasl
2012-04-30 Name : FreeBSD Ports: samba34
File : nvt/freebsd_samba342.nasl
2012-04-23 Name : Fedora Update for samba FEDORA-2012-5805
File : nvt/gb_fedora_2012_5805_samba_fc15.nasl
2012-04-16 Name : Fedora Update for samba FEDORA-2012-5843
File : nvt/gb_fedora_2012_5843_samba_fc16.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-B-0067 Multiple Vulnerabilities in Samba
Severity: Category I - VMSKEY: V0051853
2013-B-0131 Multiple Vulnerabilities in Samba
Severity: Category I - VMSKEY: V0042303
2013-B-0082 Samba Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0039910
2012-A-0020 Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity: Category I - VMSKEY: V0031252

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-12-10 Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt
RuleID : 56290 - Type : OS-WINDOWS - Revision : 6
2020-10-22 Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disablin...
RuleID : 55802 - Type : OS-WINDOWS - Revision : 1
2020-10-20 Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privil...
RuleID : 55704 - Type : OS-WINDOWS - Revision : 2
2020-10-20 Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privil...
RuleID : 55703 - Type : OS-WINDOWS - Revision : 2
2019-02-04 Samba is_known_pipe arbitrary module load code execution attempt
RuleID : 49090-community - Type : SERVER-SAMBA - Revision : 1
2019-03-07 Samba is_known_pipe arbitrary module load code execution attempt
RuleID : 49090 - Type : SERVER-SAMBA - Revision : 1
2018-07-03 Possible Samba internal DNS forged response
RuleID : 46848 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-05-15 Samba spoolss denial of service attempt
RuleID : 46282 - Type : SERVER-SAMBA - Revision : 1
2018-05-15 Samba spoolss denial of service attempt
RuleID : 46281 - Type : SERVER-SAMBA - Revision : 1
2018-05-15 Samba spoolss denial of service attempt
RuleID : 46280 - Type : SERVER-SAMBA - Revision : 1
2018-05-15 Samba spoolss denial of service attempt
RuleID : 46279 - Type : SERVER-SAMBA - Revision : 1
2018-05-15 Samba spoolss denial of service attempt
RuleID : 46278 - Type : SERVER-SAMBA - Revision : 1
2018-05-15 Samba spoolss denial of service attempt
RuleID : 46277 - Type : SERVER-SAMBA - Revision : 1
2018-05-15 Samba spoolss denial of service attempt
RuleID : 46276 - Type : SERVER-SAMBA - Revision : 1
2018-05-15 Samba spoolss denial of service attempt
RuleID : 46275 - Type : SERVER-SAMBA - Revision : 1
2018-05-15 Samba spoolss denial of service attempt
RuleID : 46274 - Type : SERVER-SAMBA - Revision : 1
2018-05-15 Samba spoolss denial of service attempt
RuleID : 46273 - Type : SERVER-SAMBA - Revision : 1
2018-01-23 Samba tree connect andx memory corruption attempt
RuleID : 45255 - Type : SERVER-SAMBA - Revision : 2
2018-01-03 Samba unsigned connections attempt
RuleID : 45074 - Type : SERVER-SAMBA - Revision : 3
2018-01-03 Samba write command memory leak attempt
RuleID : 45072 - Type : SERVER-SAMBA - Revision : 2
2018-01-03 Samba write and unlock command memory leak attempt
RuleID : 45071 - Type : SERVER-SAMBA - Revision : 2
2018-01-03 Samba write and close command memory leak attempt
RuleID : 45070 - Type : SERVER-SAMBA - Revision : 2
2018-01-03 Samba write andx command memory leak attempt
RuleID : 45069 - Type : SERVER-SAMBA - Revision : 2
2017-07-04 Samba LDAP modify dnsRecord buffer overflow attempt
RuleID : 43053 - Type : SERVER-SAMBA - Revision : 1
2017-05-25 Samba is_known_pipe arbitrary module load code execution attempt
RuleID : 43004-community - Type : SERVER-SAMBA - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-bc22d6c7bc.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c2a93f8e1b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e423e8743f.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1126.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3056.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Debian host is missing a security update.
File: debian_DLA-1607.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-333-01.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4345.nasl - Type: ACT_GATHER_INFO
2018-11-28 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_54976998f24811e881e2005056a311d1.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2789.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2791.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1238.nasl - Type: ACT_GATHER_INFO
2018-08-22 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8e4d871867.nasl - Type: ACT_GATHER_INFO
2018-08-20 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-229-02.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4271.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_c4e9a4279fc211e8802a000c29a1e3ec.nasl - Type: ACT_GATHER_INFO
2018-06-22 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1860.nasl - Type: ACT_GATHER_INFO
2018-06-22 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1883.nasl - Type: ACT_GATHER_INFO
2018-05-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201805-07.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1320.nasl - Type: ACT_GATHER_INFO
2018-03-21 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7d0acd608b.nasl - Type: ACT_GATHER_INFO
2018-03-15 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-c5c651ac44.nasl - Type: ACT_GATHER_INFO
2018-03-14 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-072-02.nasl - Type: ACT_GATHER_INFO
2018-03-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4135.nasl - Type: ACT_GATHER_INFO