oval:org.secpod.oval:def:32978
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem. Original advisory USN-2855-1 introduced a regression in Samba.

oval:org.secpod.oval:def:58413
samba subpackages are installed

oval:org.secpod.oval:def:55315
samba: SMB/CIFS file, print, and login server for Unix Details: USN-3976-1 fixed a vulnerability in Samba. The update introduced a regression causing Samba to occasionally crash. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3976-1 introduced a regression i ...

oval:org.secpod.oval:def:52696
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem. Original advisory USN-2855-1 introduced a regression in Samba.

oval:org.secpod.oval:def:51554
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Linux Mint 17.x LTS, and Linu ...

oval:org.secpod.oval:def:51572
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Original advisory USN-2950-1 introduced a regression in Sa ...

oval:org.secpod.oval:def:51763
samba: SMB/CIFS file, print, and login server for Unix Details: USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a regression when Samba is configured to disable following symbolic links. This update fixes the problem. Original advisory USN-3242-1 introduced a regression in Sam ...

oval:org.secpod.oval:def:52166
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem. Original advisory USN-2855-1 introduced a regression in Samba.

oval:org.secpod.oval:def:52392
samba: SMB/CIFS file, print, and login server for Unix A security issue was fixed in Samba.

oval:org.secpod.oval:def:602470
The upgrade to Samba 4.2 issued as DSA-3548-1 introduced a packaging regression causing an additional dependency on the samba binary package for the samba-libs, samba-common-bin, python-samba and samba-vfs-modules binary packages. Updated packages are now available to address this problem.

oval:org.secpod.oval:def:602842
Two regressions were introduced by the samba update in DSA-3816-1. Updated packages are now available to address these problems. Additionally a regression from DSA-3548-1 causing `net ads join` to freeze when run a second time is fixed along with this update. For reference, the original advisory tex ...

oval:org.secpod.oval:def:1800097
samba is installed

oval:org.secpod.oval:def:33378
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:52168
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:1600822
Use-after-free in processing SMB1 requests: A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. Server heap-memory disclosure: A memory discl ...

oval:org.secpod.oval:def:54404
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to create files in unexpected locations.

oval:org.secpod.oval:def:54393
Michael Hanselmann discovered that Samba, a SMB/CIFS file, print, and login server for Unix, was vulnerable to a symlink traversal attack. It would allow remote authenticated users with write permission to either write or detect files outside of Samba shares.

oval:org.secpod.oval:def:503405
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba . Se ...

oval:org.secpod.oval:def:89045368
This update for samba provides the following fixes: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. - CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. Non security issues fixed: - Allow SESSION KEY set ...

oval:org.secpod.oval:def:1601370
A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server cou ...

oval:org.secpod.oval:def:1800766
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. Samba uses the realpath system call to ensure when a client requests access to a pathname that it i ...

oval:org.secpod.oval:def:1800926
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions All versions of Samba from 4.0.0 onwards. Fixed In Version Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800962
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In Version: Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800963
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In Version: Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800964
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In Version: Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:89045327
This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB - CVE-2015-5252: Insufficient symlink verification - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side - CVE-2015-5299: Currently the snapshot ...

oval:org.secpod.oval:def:89045128
This update for samba fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target. Bug fixed: - Fix leaking memory in libsmbclient: Add missing talloc stackframe.

oval:org.secpod.oval:def:400790
This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target. Other bugs fixed: - Enable clustering support. - s3: smbd: Fix timestamp rounding inside SMB2 create. - v ...

oval:org.secpod.oval:def:400643
This update for samba fixes the following issues: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target. Also the following bugs were fixed: - Add quotes around path of update-apparmor-samba-profile. - Prevent access denied if the share path is " ...

oval:org.secpod.oval:def:1800096
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the SMB2_SESSION_FLAG_IS_GUEST or SMB2_SESSION_FLAG_IS_NULL flag. ...

oval:org.secpod.oval:def:89044945
This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory.

oval:org.secpod.oval:def:701875
samba is installed

oval:org.secpod.oval:def:702966
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem. Original advisory USN-2855-1 introduced a regression in Samba.

oval:org.secpod.oval:def:89002094
This update for samba fixes the following issues: The following security vulnerability was fixed: - CVE-2018-10858: Fixed insufficient input validation on client directory listing in libsmbclient. The following other change was made: - s3: winbind: Fix "winbind normalize names" in wb_getpwsid; - w ...

oval:org.secpod.oval:def:89003062
This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share. Non-security issue fixed: - Make init scripts create log directories before running daemo ...

oval:org.secpod.oval:def:89003169
This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share. Non-security issues fixed: - Fixed an issue where the first login failed and subsequent o ...

oval:org.secpod.oval:def:600779
It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call code which allowed remote code execution as the super user from an unauthenticated connection.

oval:org.secpod.oval:def:89002181
This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient. The following other bugs were fixed: - s3:winbindd: allow a fallback to NTLMSSP for LDAP connections

oval:org.secpod.oval:def:110283
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:38562
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:702905
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:600792
Ivano Cristofolini discovered that insufficient security checks in Samba's handling of LSA RPC calls could lead to privilege escalation by gaining the "take ownership" privilege.

oval:org.secpod.oval:def:89044303
This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold. - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids. - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs. - Avoid free'ing our own pointer in memc ...

oval:org.secpod.oval:def:110290
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:89044302
This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids. - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size. - Adjust smbcacls "--propagate-inheritance" feature to align with upstream.

oval:org.secpod.oval:def:89044733
This update for samba fixes the following issues: Security issues fixed: - CVE-2017-2619: Symlink race permits opening files outside share directory. Bugfixes: - Force usage of ncurses6-config thru NCURSES_CONFIG env var. - Add missing ldb module directory. - Don't package man pages for VFS modul ...

oval:org.secpod.oval:def:203166
samba is installed

oval:org.secpod.oval:def:89044634
This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory. For SUSE Linux Enterprise 11 SP4 this is a re-issue of the update, a regression in the fix has been addressed.

oval:org.secpod.oval:def:203385
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the ...

oval:org.secpod.oval:def:89044622
This update for samba fixes the following issues: Security issues fixed: - CVE-2017-14746: Use-after-free vulnerability. - CVE-2017-15275: Server heap memory information leak. Bug fixes: - Update "winbind expand groups" doc in smb.conf man page.

oval:org.secpod.oval:def:202310
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, ...

oval:org.secpod.oval:def:89044246
This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids. - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size. - Adjust smbcacls "--propagate-inheritance" feature to align with upstream.

oval:org.secpod.oval:def:703010
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:203864
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this fl ...

oval:org.secpod.oval:def:600171
Volker Lendecke discovered that missing range checks in Samba's file descriptor handling could lead to memory corruption, resulting in denial of service.

oval:org.secpod.oval:def:203972
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A flaw was found in the way Samba initiated signed DCE/RPC connect ...

oval:org.secpod.oval:def:204706
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ...

oval:org.secpod.oval:def:703110
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relax ...

oval:org.secpod.oval:def:702146
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator if it received specially crafted network traffic.

oval:org.secpod.oval:def:702386
samba: SMB/CIFS file, print, and login server for Unix A security issue was fixed in Samba.

oval:org.secpod.oval:def:89044215
This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids. - Adjust smbcacls "--propagate-inheritance" feature to align with upstream.

oval:org.secpod.oval:def:89044236
This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids. - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size. - Adjust smbcacls "--propagate-inheritance" feature to align with upstream.

oval:org.secpod.oval:def:703577
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:89044226
This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids. - Adjust smbcacls "--propagate-inheritance" feature to align with upstream.

oval:org.secpod.oval:def:204500
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ...

oval:org.secpod.oval:def:38607
The host is installed with samba4 or samba and is prone to an unconditional privilege delegation vulnerability. A flaw is present in the application, which fails to properly handle Kerberos TGT. An attacker who successfully exploited this vulnerability could fully impersonate the authenticated user ...

oval:org.secpod.oval:def:38608
The host is installed with samba4 or samba and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle kerberos. An attacker who successfully exploited this vulnerability could watch password changes in Samba

oval:org.secpod.oval:def:701256
samba: SMB/CIFS file, print, and login server for Unix Samba would allow unintended write access to files over the network.

oval:org.secpod.oval:def:203801
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. ...

oval:org.secpod.oval:def:89002202
This update for samba fixes the following issues: - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown. - s3/libads: fix seal/signed ldap connections so they are reused.

oval:org.secpod.oval:def:110868
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:110860
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:89002556
Samba was updated to 4.6.15, bringing bug and security fixes. Following security issues were fixed: - CVE-2018-10919: Fix unauthorized attribute access via searches. Non-security bugs fixed: - Fix ctdb_mutex_ceph_rados_helper deadlock. - Allow idmap_rid to have primary group other than "Doma ...

oval:org.secpod.oval:def:89003226
This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share. Non-security issues fixed: - Fix vfs_ceph ftruncate and fallocate handling. - Abide by l ...

oval:org.secpod.oval:def:89002241
Samba was updated to version 4.6.13 to fix several bugs. Security issue fixed: - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally. The library talloc was updated to version 2.1.10: - build, documentation and python3 improvements The library tevent was updated to version 0.9.34; - R ...

oval:org.secpod.oval:def:89002110
Samba was updated to 4.6.14, fixing bugs and security issues: Version update to 4.6.14: + vfs_ceph: add fake async pwrite/pread send/recv hooks. + Fix memory leak in vfs_ceph. + winbind: avoid using fstrcpy in _dual_init_connection. + s3:smb2_server: correctly maintain request counters for co ...

oval:org.secpod.oval:def:600605
The Samba Web Administration Tool contains several cross-site request forgery vulnerabilities and a cross-site scripting vulnerability.

oval:org.secpod.oval:def:700852
samba: SMB/CIFS file, print, and login server for Unix Samba could allow a user to gain administrative privileges to the Samba server.

oval:org.secpod.oval:def:201607
Samba is a suite of programs used by machines to share files, printers, and other information. A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" valu ...

oval:org.secpod.oval:def:116612
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:116631
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:55031
Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba's Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. Details can be found in the upstream advisory at https://www.samba.org/samba/security/CVE- ...

oval:org.secpod.oval:def:55054
samba: SMB/CIFS file, print, and login server for Unix Samba could allow unintended access to network services.

oval:org.secpod.oval:def:1801437
S4U2Self is an extension to Kerberos used in Active Directory to allow a service to request a kerberos ticket to itself from the Kerberos Key Distribution Center for a non-Kerberos authenticated user. This is useful to allow internal code paths to be standardized around Kerberos. S4U2Proxy is an ...

oval:org.secpod.oval:def:1801440
S4U2Self is an extension to Kerberos used in Active Directory to allow a service to request a kerberos ticket to itself from the Kerberos Key Distribution Center for a non-Kerberos authenticated user. This is useful to allow internal code paths to be standardized around Kerberos. S4U2Proxy is an ...

oval:org.secpod.oval:def:89003015
This update for samba fixes the following issues: - CVE-2020-10704: Fixed a stack overflow in the AD DC LDAP server.

oval:org.secpod.oval:def:70117
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:70118
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:89003023
This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU.

oval:org.secpod.oval:def:89003002
This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU.

oval:org.secpod.oval:def:89002917
This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU.

oval:org.secpod.oval:def:89002906
This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU. - Fixed a packaging issue where samba_winbind package was installing python3-base without python3. - Fi ...

oval:org.secpod.oval:def:1800860
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions: samba 3.0.25 to 4.6.7 Fixed in: samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:1800862
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions: samba 3.0.25 to 4.6.7 Fixed in: samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:204560
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that samba did not enforce "SMB signing" wh ...

oval:org.secpod.oval:def:1800905
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions: samba 3.0.25 to 4.6.7 Fixed In: samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:89044748
This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client - CVE-2017-12150: Always enforce smb signing when it is configured - CVE-2017-12151: ...

oval:org.secpod.oval:def:201817
Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers. A malicious client could send a specially-crafted SMB request to the Sam ...

oval:org.secpod.oval:def:201833
Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers. A malicious client could send a specially-crafted SMB request to the Sam ...

oval:org.secpod.oval:def:201911
Samba is a suite of programs used by machines to share files, printers, and other information. An input sanitization flaw was found in the way Samba parsed client data. A malicious client could send a specially-crafted SMB packet to the Samba server, resulting in arbitrary code execution with the pr ...

oval:org.secpod.oval:def:201729
Samba is a suite of programs used by machines to share files, printers, and other information. An input sanitization flaw was found in the way Samba parsed client data. A malicious client could send a specially-crafted SMB packet to the Samba server, resulting in arbitrary code execution with the pr ...

oval:org.secpod.oval:def:202162
Samba is a suite of programs used by machines to share files, printers, and other information. A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authe ...

oval:org.secpod.oval:def:202044
Samba is a suite of programs used by machines to share files, printers, and other information. A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authe ...

oval:org.secpod.oval:def:89430
samba: SMB/CIFS file, print, and login server for Unix Details: USN-5822-1 fixed vulnerabilities in Samba. The update for Linux Mint 20.x LTS introduced regressions in certain environments. Pending investigation of these regressions, this update temporarily reverts the security fixes. We apologize f ...

oval:org.secpod.oval:def:202315
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, ...

oval:org.secpod.oval:def:202329
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled certain Local Security Authority Remote Procedure Calls. An a ...

oval:org.secpod.oval:def:203384
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the ...

oval:org.secpod.oval:def:1501396
The SMB1 implementation in smbd in Samba allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

oval:org.secpod.oval:def:1501395
The SMB1 implementation in smbd in Samba allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

oval:org.secpod.oval:def:52726
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:501783
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this fl ...

oval:org.secpod.oval:def:203863
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this fl ...

oval:org.secpod.oval:def:203805
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way connection signing was implemented by Samba. A rem ...

oval:org.secpod.oval:def:1600334
A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL.

oval:org.secpod.oval:def:1800418
CVE-2015-7560 Incorrect ACL get/set allowed on symlink path. All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to a malicious client overwriting the ownership of ACLs using symlinks. An authenticated malicious client can use SMB1 UNIX extensions to create a symlink to a file or di ...

oval:org.secpod.oval:def:204672
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ...

oval:org.secpod.oval:def:204559
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ...

oval:org.secpod.oval:def:204843
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Null pointer indirection in printer server process For mor ...

oval:org.secpod.oval:def:507631
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be ...

oval:org.secpod.oval:def:507537
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be ...

oval:org.secpod.oval:def:86310
Netlogon RPC Elevation of Privilege Vulnerability.

oval:org.secpod.oval:def:1601704
Netlogon RPC Elevation of Privilege Vulnerability

oval:org.secpod.oval:def:3300316
SUSE Security Update: Security update for samba

oval:org.secpod.oval:def:507705
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba . Se ...

oval:org.secpod.oval:def:507726
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba . Se ...

oval:org.secpod.oval:def:3300351
SUSE Security Update: Security update for samba

oval:org.secpod.oval:def:78195
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:3300817
SUSE Security Update: Security update for ldb, samba

oval:org.secpod.oval:def:3301281
SUSE Security Update: Security update for samba

oval:org.secpod.oval:def:78196
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to crash or run programs as an administrator if it received specially crafted network traffic.

oval:org.secpod.oval:def:89002971
This update for samba fixes the following issues: - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing.

oval:org.secpod.oval:def:89002996
This update for samba fixes the following issues: - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing.

oval:org.secpod.oval:def:89002988
This update for samba fixes the following issues: - CVE-2019-14902: Fixed an issue where automatic replication of ACLs down subtree on AD Directory is not working. - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing.

oval:org.secpod.oval:def:503588
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba . Se ...

oval:org.secpod.oval:def:89003160
This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators.

oval:org.secpod.oval:def:89003428
This update for samba fixes the following issues: - CVE-2019-10218: Client code can return filenames containing path separators.

oval:org.secpod.oval:def:89003314
This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators.

oval:org.secpod.oval:def:89047648
This update for ldb, samba fixes the following issues: ldb was updated to version 2.4.2 to fix: + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. samba was updated to fix: - Revert NIS suppor ...

oval:org.secpod.oval:def:89050245
This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined.

oval:org.secpod.oval:def:89050464
This update for samba fixes the following issues: Security issue fixed: - CVE-2020-10704: Fixed a stack overflow in the AD DC LDAP server. Non-security issues fixed: - Fixed spnego fallback from kerberos to ntlmssp in smbd server. - Fixed warning messages for non root users using smbclient.

oval:org.secpod.oval:def:89050481
This update for samba fixes the following issues: Security issues fixed: - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing. - CVE-2019-14902: Fixed an issue where automatic replication of ACLs down subtree on AD Directory is not working. - CVE-2 ...

oval:org.secpod.oval:def:89050483
This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue where parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU. - CVE-2020-14303: Fixed an endless loop when the AD DC receives empty UDP packets. - CVE-2020-10730: Fi ...

oval:org.secpod.oval:def:89050616
This update for samba fixes the following issues: - CVE-2019-14861: Fixed a DNSServer RPC server crash, that allowed an authenticated user to crash the DCE/RPC DNS management server by creating records matching the zone name. - CVE-2019-14870: Fixed a DelegationNotAllowed not being enforced.

oval:org.secpod.oval:def:89050691
This update for samba fixes the following issues: - CVE-2019-14861: Fixed a DNSServer RPC server crash, that allowed an authenticated user to crash the DCE/RPC DNS management server by creating records matching the zone name. - CVE-2019-14870: Fixed a DelegationNotAllowed not being enforced.

oval:org.secpod.oval:def:89050714
This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share. ldb was updated to version 1.2.4: - Out of bound read in ldb_wildcard_compare - Hold at ...

oval:org.secpod.oval:def:89050749
This update for samba fixes the following issues: Security issues fixed: - CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync. - CVE-2019-10218: Client code can return filenames containing path separators. - CVE-2019-14833: Fixed Accent with "check script pa ...

oval:org.secpod.oval:def:89050845
This update for samba fixes the following issues: Security issues fixed: - CVE-2019-12435: zone operations can crash rpc server. Other issues fixed: - Fix cephwrap_flistxattr debug message. - Add ceph_snapshots VFS module. - Fix vfs_ceph realpath. - MacOS credit accounting breaks with ...

oval:org.secpod.oval:def:89050924
This update for provides the following fixes: Following security issues were fixed: - CVE-2019-14847: User with "get changes" permission could have crashed AD DC LDAP server via dirsync. - CVE-2019-10218: Client code could have returned filenames containing path separators. - CVE-2019-14833: Accen ...

oval:org.secpod.oval:def:89048162
This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password. - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session ...

oval:org.secpod.oval:def:89048181
This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password. - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel. - CVE- ...

oval:org.secpod.oval:def:89048180
This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password.

oval:org.secpod.oval:def:206017
Security Fix: samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

oval:org.secpod.oval:def:89048152
This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password. - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel. - CVE- ...

oval:org.secpod.oval:def:4501171
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be ...

oval:org.secpod.oval:def:5800168
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be ...

oval:org.secpod.oval:def:2500942
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

oval:org.secpod.oval:def:500077
Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a sp ...

oval:org.secpod.oval:def:200420
Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a sp ...

oval:org.secpod.oval:def:500222
Samba is a suite of programs used by machines to share files, printers, and other information. A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" valu ...

oval:org.secpod.oval:def:200221
Samba is a suite of programs used by machines to share files, printers, and other information. A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" valu ...

oval:org.secpod.oval:def:1503253
Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ...

oval:org.secpod.oval:def:500693
Samba is a suite of programs used by machines to share files, printers, and other information. A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authe ...

oval:org.secpod.oval:def:201628
Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a sp ...

oval:org.secpod.oval:def:500370
Samba is a suite of programs used by machines to share files, printers, and other information. An input sanitization flaw was found in the way Samba parsed client data. A malicious client could send a specially-crafted SMB packet to the Samba server, resulting in arbitrary code execution with the pr ...

oval:org.secpod.oval:def:124443
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1506684
evolution-mapi [3.40.1-5] - Related: #2131993 openchange [2.3-40] - Related: #2131993 samba [4.17.5-102.0.1] - Fix memleak in _nss_winbind_initgroups_dyn [Orabug: 34994509] [4.17.5-102] - resolves: rhbz#2169980 - Fix winbind memory leak - resolves: rhbz#2156056 - Fix Samba shares not accessible is ...

oval:org.secpod.oval:def:1506776
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1505643
[4.15.5-5] - resolves: rhbz#2064325 - Fix "create krb5 conf = yes" when a KDC has a single IP address. [4.15.5-4] - resolves: rhbz#2057503 - Fix winbind kerberos ticket refresh [4.15.5-3] - related: rhbz#1979959 - Fix typo in testparm output [4.15.5-2] - resolves: rhbz#1979959 - Improve idmap autori ...

oval:org.secpod.oval:def:121544
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:119680
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:118161
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:118159
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:117747
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1801768
A newly delegated right, but more importantly the removal of a delegated right, would not be inherited on any DC other than the one where the change was made. If samba is set with "log level = 3" then the string obtained from the client, after a failed character conversion, is printed. Such strings ...

oval:org.secpod.oval:def:1802025
Since Samba 4.0.0 Samba has implemented, in the AD DC, the "dirsync" LDAP control specified in MS-ADTS "3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID".

oval:org.secpod.oval:def:117429
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:117446
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:117443
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1801615
On a Samba SMB server for all versions of Samba from 4.9.0 clients are able to escape outside the share root directory if certain configuration parameters are set in the smb.conf file. The problem is reproducible if the "wide links" option is explicitly set to "yes" and either "unix extensions = no" or ...

oval:org.secpod.oval:def:117096
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:117104
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1801481
CVE-2019-12435: Samba AD DC Denial of Service in DNS management server. The dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. An authenticated user can crash the RPC server process via a NULL pointer de-reference. There is no further vulnerability associat ...

oval:org.secpod.oval:def:51018
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:47255
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:114988
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1801391
Samba contains an RPC endpoint emulating the Windows registry service API. One of the requests, "winreg_SaveKey", is susceptible to a path/symlink traversal vulnerability. Unprivileged users can use it to create a new registry hive file anywhere they have unix permissions to create a new file within ...

oval:org.secpod.oval:def:1801386
Samba contains an RPC endpoint emulating the Windows registry service API. One of the requests, "winreg_SaveKey", is susceptible to a path/symlink traversal vulnerability. Unprivileged users can use it to create a new registry hive file anywhere they have unix permissions to create a new file within ...

oval:org.secpod.oval:def:1801387
Samba contains an RPC endpoint emulating the Windows registry service API. One of the requests, "winreg_SaveKey", is susceptible to a path/symlink traversal vulnerability. Unprivileged users can use it to create a new registry hive file anywhere they have unix permissions to create a new file within ...

oval:org.secpod.oval:def:1801388
Samba contains an RPC endpoint emulating the Windows registry service API. One of the requests, "winreg_SaveKey", is susceptible to a path/symlink traversal vulnerability. Unprivileged users can use it to create a new registry hive file anywhere they have unix permissions to create a new file within ...

oval:org.secpod.oval:def:89049721
This update for samba fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; - CVE-2018-1140: ldbsearch "" and DNS query with escapes crashes; - CVE-2018-10919: Confidential attribute disclosure via substrin ...

oval:org.secpod.oval:def:116249
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:111783
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:111857
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:602323
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3223 Thilo Uttendorfer of Linux Information Systems AG discovered that a malicious request can cause th ...

oval:org.secpod.oval:def:89047777
This update for samba fixes the following issues: - CVE-2022-1615: Fixed error handling in random number generation. - CVE-2022-32743: Implement validated dnsHostName write rights. Bugfixes: - Fixed use after free when iterating smbd_server_connection->connections after tree disconn ...

oval:org.secpod.oval:def:89047033
This update for samba fixes the following issues: - CVE-2022-1615: Fixed error handling in random number generation. Bugfixes: - Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure.

oval:org.secpod.oval:def:77538
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:2500593
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

oval:org.secpod.oval:def:89047488
- CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; - CVE-2022-0336: Samba AD users with permission to write to an acco ...

oval:org.secpod.oval:def:2003970
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in an AD DC configuration. A Samba LDAP user could use this flaw to crash samba.

oval:org.secpod.oval:def:705526
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:705161
samba: SMB/CIFS file, print, and login server for Unix Samba would allow unintended access to files over the network.

oval:org.secpod.oval:def:58412
A flaw was found in samba when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside of the share.

oval:org.secpod.oval:def:69749
Stefan Metzmacher discovered a flaw in Samba, a SMB/CIFS file, print, and login server for Unix. Specific combinations of parameters and permissions can allow a user to escape from the share path definition and see the complete "/" filesystem. Unix permission checks in the kernel are still enforced. D ...

oval:org.secpod.oval:def:1501305
A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text.

oval:org.secpod.oval:def:501745
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. ...

oval:org.secpod.oval:def:501747
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by ...

oval:org.secpod.oval:def:1600354
A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights. An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba s ...

oval:org.secpod.oval:def:1501308
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

oval:org.secpod.oval:def:52660
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:602420
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7560 Jeremy Allison of Google, Inc. and the Samba Team discovered that Samba incorrectly handles gettin ...

oval:org.secpod.oval:def:109830
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:109949
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1503358
Updated samba and cifs-utils packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed sev ...

oval:org.secpod.oval:def:500008
Samba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS shares. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attac ...

oval:org.secpod.oval:def:500716
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. The default Samba server configuration enabled both the "wide links" and "unix extensions ...

oval:org.secpod.oval:def:500721
Samba is a suite of programs used by machines to share files, printers, and other information. An input validation flaw was found in the way Samba handled Any Batched requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in ar ...

oval:org.secpod.oval:def:95056
samba: SMB/CIFS file, print, and login server for Unix Details: USN-6425-1 fixed vulnerabilities in Samba. Due to a build issue on Linux Mint 20.x LTS, the update introduced regressions in macro handling and possibly other functionality. This update fixes the problem. We apologize for the inconvenie ...

oval:org.secpod.oval:def:600957
Jann Horn had reported two vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect SWAT, the Samba Web Administration Tool. CVE-2013-0213: Clickjacking issue in SWAT An attacker can integrate a SWAT page into a malicio ...

oval:org.secpod.oval:def:1500335
Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed sev ...

oval:org.secpod.oval:def:1503849
Updated samba3x and samba packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed ...

oval:org.secpod.oval:def:106527
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:52247
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:701514
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:701621
samba: SMB/CIFS file, print, and login server for Unix Samba did not properly enforce the password guessing protection mechanism.

oval:org.secpod.oval:def:601969
Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection.

oval:org.secpod.oval:def:1500406
Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ...

oval:org.secpod.oval:def:1500420
Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed seve ...

oval:org.secpod.oval:def:1500303
Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give det ...

oval:org.secpod.oval:def:1503814
Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical securi ...

oval:org.secpod.oval:def:1503942
Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ...

oval:org.secpod.oval:def:1503945
Updated samba packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ...

oval:org.secpod.oval:def:203354
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ...

oval:org.secpod.oval:def:203228
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ...

oval:org.secpod.oval:def:203349
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ...

oval:org.secpod.oval:def:52413
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator if it received specially crafted network traffic.

oval:org.secpod.oval:def:203215
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ...

oval:org.secpod.oval:def:105824
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1503220
Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ...

oval:org.secpod.oval:def:702089
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:500793
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled certain Local Security Authority Remote Procedure Calls. An a ...

oval:org.secpod.oval:def:500437
Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers. A malicious client could send a specially-crafted SMB request to the Sam ...

oval:org.secpod.oval:def:33379
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:107173
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:106072
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:203563
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ...

oval:org.secpod.oval:def:203561
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ...

oval:org.secpod.oval:def:601164
Two security issues were found in Samba, a SMB/CIFS file, print, and login server: CVE-2013-4408 It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code. CVE-2013-4475 Hemanth Thummala discovered that ACLs were not checked whe ...

oval:org.secpod.oval:def:107107
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:106259
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:107340
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:501501
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send spe ...

oval:org.secpod.oval:def:501505
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send spe ...

oval:org.secpod.oval:def:500779
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, ...

oval:org.secpod.oval:def:108451
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:106156
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:108454
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:106583
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1500607
Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed seve ...

oval:org.secpod.oval:def:501132
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ...

oval:org.secpod.oval:def:500288
Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers. A malicious client could send a specially-crafted SMB request to the Sam ...

oval:org.secpod.oval:def:107323
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:501154
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ...

oval:org.secpod.oval:def:1500913
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ...

oval:org.secpod.oval:def:1500915
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ...

oval:org.secpod.oval:def:52271
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator if it received specially crafted network traffic.

oval:org.secpod.oval:def:501203
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ...

oval:org.secpod.oval:def:702429
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator if it received specially crafted network traffic.

oval:org.secpod.oval:def:501331
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ...

oval:org.secpod.oval:def:501333
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ...

oval:org.secpod.oval:def:501214
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ...

oval:org.secpod.oval:def:202987
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ...

oval:org.secpod.oval:def:501356
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the ...

oval:org.secpod.oval:def:701426
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to hang if it received specially crafted network traffic.

oval:org.secpod.oval:def:89044942
This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as "root". [CVE-2017-7494, bso#12780, bsc#1038231]

oval:org.secpod.oval:def:400699
samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication. - CVE-2016-2111: Domain controller netlogon member ...

oval:org.secpod.oval:def:40649
The host is installed with samba or samba4 on CentOS 7 or CentOS 6 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to execute malicious code.

oval:org.secpod.oval:def:110394
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:110395
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:703053
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:400809
Samba was updated to the 4.2.x codestream, bringing some new features and security fixes. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication. - CVE-2 ...

oval:org.secpod.oval:def:89045232
samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication. - CVE-2016-2111: Domain controller netlogon member ...

oval:org.secpod.oval:def:1800252
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to corr ...

oval:org.secpod.oval:def:203891
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A protocol flaw, publicly referred to as Badlock, was found in the ...

oval:org.secpod.oval:def:204509
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A remote code execution flaw was found in Samba. A malicious authe ...

oval:org.secpod.oval:def:204508
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A remote code execution flaw was found in Samba. A malicious authe ...

oval:org.secpod.oval:def:203908
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba. Ref ...

oval:org.secpod.oval:def:203907
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * Multiple flaws were found in Samba's DCE/RPC protocol implementati ...

oval:org.secpod.oval:def:2003969
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBIOS over TCP/IP. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU, resulting in a denial of service. The highest threat from this vulner ...

oval:org.secpod.oval:def:502178
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A protocol flaw, publicly referred to as Badlock, was found in the ...

oval:org.secpod.oval:def:2003971
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability i ...

oval:org.secpod.oval:def:1501429
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba. Ref ...

oval:org.secpod.oval:def:1501430
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba. Ref ...

oval:org.secpod.oval:def:1501431
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba. Ref ...

oval:org.secpod.oval:def:501804
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A protocol flaw, publicly referred to as Badlock, was found in the ...

oval:org.secpod.oval:def:501803
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba. Ref ...

oval:org.secpod.oval:def:501805
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * Multiple flaws were found in Samba's DCE/RPC protocol implementati ...

oval:org.secpod.oval:def:52756
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:51555
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Linux Mint 17.x LTS, and Linu ...

oval:org.secpod.oval:def:703086
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ...

oval:org.secpod.oval:def:703085
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ...

oval:org.secpod.oval:def:602527
The upgrade to Samba 4.2 issued as DSA-3548-1 introduced several upstream regressions as well as a packaging regression causing errors on upgrading the packages. Updated packages are now available to address these problems.

oval:org.secpod.oval:def:602466
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial ...

oval:org.secpod.oval:def:64082
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:1600365
Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server or, possibly, execute arbitrary code with the permissions of the user running Samba. This flaw could also be used ...

oval:org.secpod.oval:def:1800637
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. Samba uses the realpath system call to ensure when a client requests access to a pathname that it ...

oval:org.secpod.oval:def:112256
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1501866
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502035
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ...

oval:org.secpod.oval:def:602827
Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploiting a symlink race to access areas of the server file system not exported under a share definition.

oval:org.secpod.oval:def:1501520
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A flaw was found in the way Samba initiated signed DCE/RPC connectio ...

oval:org.secpod.oval:def:112227
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1600702
A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Sa ...

oval:org.secpod.oval:def:51753
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:703289
samba: SMB/CIFS file, print, and login server for Unix Samba could be tricked into connecting to impersonated servers.

oval:org.secpod.oval:def:51642
samba: SMB/CIFS file, print, and login server for Unix Samba could be tricked into connecting to impersonated servers.

oval:org.secpod.oval:def:703130
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Original advisory USN-2950-1 introduced a regression in Sa ...

oval:org.secpod.oval:def:501852
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A flaw was found in the way Samba initiated signed DCE/RPC connect ...

oval:org.secpod.oval:def:501996
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ...

oval:org.secpod.oval:def:703550
samba: SMB/CIFS file, print, and login server for Unix Details: USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a regression when Samba is configured to disable following symbolic links. This update fixes the problem. Original advisory USN-3242-1 introduced a regression in Sam ...

oval:org.secpod.oval:def:1501802
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when us ...

oval:org.secpod.oval:def:1600436
A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server.

oval:org.secpod.oval:def:1800337
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. Samba uses the realpath system call to ensure when a client requests access to a pathname that it i ...

oval:org.secpod.oval:def:703533
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:502073
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba. Se ...

oval:org.secpod.oval:def:113296
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:502196
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ...

oval:org.secpod.oval:def:703808
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:502139
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ...

oval:org.secpod.oval:def:113589
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:502141
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that samba did not enforce "SMB signing" wh ...

oval:org.secpod.oval:def:1501983
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113256
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1501874
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501872
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1800605
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to corr ...

oval:org.secpod.oval:def:502041
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A remote code execution flaw was found in Samba. A malicious authe ...

oval:org.secpod.oval:def:113679
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:51898
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:51799
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator.

oval:org.secpod.oval:def:1502015
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:602897
steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it.

oval:org.secpod.oval:def:112420
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:112412
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:113525
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1502067
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51938
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:51838
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to hang if it received specially crafted network traffic.

oval:org.secpod.oval:def:1502024
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703692
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to hang if it received specially crafted network traffic.

oval:org.secpod.oval:def:1600789
Server memory information leak over SMB1: An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be c ...

oval:org.secpod.oval:def:603114
Multiple security issues have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encr ...

oval:org.secpod.oval:def:1800460
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:1800581
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:1800466
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:1800693
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to corre ...

oval:org.secpod.oval:def:703891
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:53194
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ...

oval:org.secpod.oval:def:1800303
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should. Affected versions: samba 3.0.25 to 4.6.7. Fixed in: samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:603183
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ...

oval:org.secpod.oval:def:53143
Multiple security issues have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encr ...

oval:org.secpod.oval:def:703619
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator.

oval:org.secpod.oval:def:52009
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:114138
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:114990
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1502253
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700107
A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server coul ...

oval:org.secpod.oval:def:603308
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ...

oval:org.secpod.oval:def:704008
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:114150
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:502318
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Null pointer indirection in printer server process For mor ...

oval:org.secpod.oval:def:53272
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ...

oval:org.secpod.oval:def:52109
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:115595
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:115591
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:51170
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:53469
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-14629 Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME ...

oval:org.secpod.oval:def:704280
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:603576
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-14629 Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME ...

oval:org.secpod.oval:def:603486
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-10858 Svyatoslav Phirsov discovered that insufficient input validation in libsmbclient allowed a malici ...

oval:org.secpod.oval:def:704400
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:89049656
This update for samba fixes the following issues: Update to samba version 4.7.11. Security issues fixed: - CVE-2018-14629: Fixed CNAME loops in Samba AD DC DNS server. - CVE-2018-16841: Fixed segfault on PKINIT when mis-matching principal. - CVE-2018-16851: Fixed NULL pointer de-reference in Samba ...

oval:org.secpod.oval:def:53395
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-10858 Svyatoslav Phirsov discovered that insufficient input validation in libsmbclient allowed a malici ...

oval:org.secpod.oval:def:503287
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba. Se ...

oval:org.secpod.oval:def:603845
Michael Hanselmann discovered that Samba, a SMB/CIFS file, print, and login server for Unix, was vulnerable to a symlink traversal attack. It would allow remote authenticated users with write permission to either write or detect files outside of Samba shares.

oval:org.secpod.oval:def:1700260
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share.

oval:org.secpod.oval:def:205324
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba. Se ...

oval:org.secpod.oval:def:704878
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to create files in unexpected locations.

oval:org.secpod.oval:def:603921
Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba's Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. Details can be found in the upstream advisory at https://www.samba.org/samba/security/CVE- ...

oval:org.secpod.oval:def:704968
samba: SMB/CIFS file, print, and login server for Unix Details: USN-3976-1 fixed a vulnerability in Samba. The update introduced a regression causing Samba to occasionally crash. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3976-1 introduced a regression i ...

oval:org.secpod.oval:def:704944
samba: SMB/CIFS file, print, and login server for Unix Samba could allow unintended access to network services.

oval:org.secpod.oval:def:205521
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba. Se ...

oval:org.secpod.oval:def:705254
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:59474
A malicious server can craft a pathname containing separators and return this to client code, causing the client to use this to access local pathnames for reading or writing instead of SMB network pathnames.

oval:org.secpod.oval:def:59475
A malicious server can craft a pathname containing separators and return this to client code, causing the client to use this to access local pathnames for reading or writing instead of SMB network pathnames.

oval:org.secpod.oval:def:59476
The "dirsync" LDAP control specified in MS-ADTS "3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID".

oval:org.secpod.oval:def:59574
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:59575
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:59605
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:705312
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:2003968
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

oval:org.secpod.oval:def:4500059
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. For more details about the security issue, including the impact, a CVSS score, ack ...

oval:org.secpod.oval:def:1504952
[4.10.16-15] - resolves: #1949444 - Fix CVE-2021-20254 [4.10.16-14] - resolves: #1937867 - Fix possible core dump with printing support - resolves: #1930747 - Ensure that libwbclient has been updated before restarting services

oval:org.secpod.oval:def:2500402
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

oval:org.secpod.oval:def:205865
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Negative idmap cache entries can cause incorrect group entr ...

oval:org.secpod.oval:def:89047260
This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold. - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids. - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs. - Spec file fixes around systemd and req ...

oval:org.secpod.oval:def:4501235
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Active Directory domain user could become root on domain m ...

oval:org.secpod.oval:def:88320
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2016-2124 Stefan Metzmacher reported that SMB1 client connections can be downgraded to plaintext authentication. CVE-2020-25717 Andrew Bartlett reported that Samba may map domain users to lo ...

oval:org.secpod.oval:def:1701068
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

oval:org.secpod.oval:def:125234
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:121157
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1505346
[4.14.5-7] - related: rhbz#2021171 - Fix CVE-2020-25717 - Fix running ktest [4.14.5-6] - related: rhbz#2021171 - Fix CVE-2020-25717 - Add missing checks for IPA DC server role

oval:org.secpod.oval:def:121238
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:205936
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Out-of-bounds heap read/write vulnerability in VFS module v ...

oval:org.secpod.oval:def:2500509
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

oval:org.secpod.oval:def:89048512
This update for samba fixes the following issues: * CVE-2023-0922: Fixed Samba AD DC admin tool samba-tool sending passwords in cleartext. The following non-security bug was fixed: * Prevent use after free of messaging_ctdb_fde_ev structs.

oval:org.secpod.oval:def:205926
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Active Directory domain user could become root on domain m ...

oval:org.secpod.oval:def:605884
Several vulnerabilities were discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2021-44142 Orange Tsai reported an out-of-bounds heap write vulnerability in the VFS module vfs_fruit, which could result in remote execution of arbitrary code as root. CVE-2022-0336 Kees van Vlo ...

oval:org.secpod.oval:def:89045773
This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos. - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members.

oval:org.secpod.oval:def:89045776
This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos. - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members.

oval:org.secpod.oval:def:89045772
This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos. - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members.

oval:org.secpod.oval:def:1601513
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could u ...

oval:org.secpod.oval:def:89045791
This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos. - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members.

oval:org.secpod.oval:def:89047239
This update for samba fixes the following issues: - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when "allow trusted domains" is off.

oval:org.secpod.oval:def:605675
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2016-2124 Stefan Metzmacher reported that SMB1 client connections can be downgraded to plaintext authentication. CVE-2020-25717 Andrew Bartlett reported that Samba may map domain users to lo ...

oval:org.secpod.oval:def:89048684
This update for samba fixes the following issues: * CVE-2023-0922: Fixed Samba AD DC admin tool samba-tool sending passwords in cleartext.

oval:org.secpod.oval:def:89047256
This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue administrator tickets to other servers. - CVE-2021-3738: Fixed crash in dsdb stack. - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos. - CVE-2020-2571 ...

oval:org.secpod.oval:def:89048100
This update for samba fixes the following issues: Update to 4.15.13 - CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers. - CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC. - CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak ...

oval:org.secpod.oval:def:89048537
This update for samba fixes the following issues: * CVE-2023-0922: Fixed Samba AD DC admin tool samba-tool sending passwords in cleartext.

oval:org.secpod.oval:def:91742
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:19500212
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. A user with sufficient privileges to create a computer acc ...

oval:org.secpod.oval:def:19500236
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. A user with sufficient privileges to create a computer acc ...

oval:org.secpod.oval:def:89050374
This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol. - Update to samba 4.11 ...

oval:org.secpod.oval:def:2003967
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol, aka "Netlogon Elevation of Privilege Vulnerability".

oval:org.secpod.oval:def:89003007
This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol. - Add "libsmbldap0" to "libsmbldap ...

oval:org.secpod.oval:def:118730
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:89002916
This update for samba fixes the following issues: - Update to 4.10.18 - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol.

oval:org.secpod.oval:def:89002853
This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol.

oval:org.secpod.oval:def:89002994
This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol. - Fixed an issue where multiple ho ...

oval:org.secpod.oval:def:705636
samba: SMB/CIFS file, print, and login server for Unix Samba would allow unintended access to files over the network.

oval:org.secpod.oval:def:118751
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:89050503
This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol.

oval:org.secpod.oval:def:1800842
A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data. Affected versions: All versions between Samba 4.0.0 and 4.6.6/4.5.12/4.4.15

oval:org.secpod.oval:def:602999
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center component and could be used by an atta ...

oval:org.secpod.oval:def:89044999
This update provides Samba 4.6.7, which fixes the following issues: - CVE-2017-11103: Metadata were being taken from the unauthenticated plaintext rather than the authenticated and encrypted KDC response. - Fix cephwrap_chdir. - Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb. - Fix ...

oval:org.secpod.oval:def:1800189
A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data. Affected versions: All versions between Samba 4.0.0 and 4.6.6/4.5.12/4.4.15

oval:org.secpod.oval:def:53096
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center component and could be used by an atta ...

oval:org.secpod.oval:def:1800531
A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data. Affected versions: All versions between Samba 4.0.0 and 4.6.6/4.5.12/4.4.15

oval:org.secpod.oval:def:507867
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: SMB2 packet signing is not enforced when server signing = r ...

oval:org.secpod.oval:def:507865
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: SMB2 packet signing is not enforced when server signing = r ...

oval:org.secpod.oval:def:97770
[CLSA-2023:1700852317] samba: Fix of CVE-2023-3961

oval:org.secpod.oval:def:602704
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-2119 Stefan Metzmacher discovered that client-side SMB2/3 required signing can be downgraded, allowing ...

oval:org.secpod.oval:def:51692
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:703405
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:89045288
This update for samba fixes the following issues: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. - CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. - CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execut ...

oval:org.secpod.oval:def:1800437
CVE-2016-2123: NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability. Affected versions: Samba 4.0.0 to 4.5.2 Fixed in: Samba 4.5.3, 4.4.8 and 4.3.13

oval:org.secpod.oval:def:1507154
[4.18.6-101] - resolves: RHEL-11937 Fix CVE-2023-3961 - smbd must check the pipename - resolves: RHEL-11937 Fix CVE-2023-4091 - SMB clients can truncate files - resolves: RHEL-11937 Fix CVE-2023-42669 - Remove rpcecho server

oval:org.secpod.oval:def:126310
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:95292
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: smbd allows client access to unix domain soc ...

oval:org.secpod.oval:def:95052
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:612727
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix, which might result in denial of service, information disclosure or privilege escalation.

oval:org.secpod.oval:def:2600402
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

oval:org.secpod.oval:def:2501223
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

oval:org.secpod.oval:def:19500480
Samba is vulnerable to path traversal due to insufficient sanitization of incoming client pipe names. This can lead to the client connecting as root to a Unix domain socket outside of the Samba private directory. SMB client can truncate files to 0 bytes by opening files with OVERWRITE dispositio ...

oval:org.secpod.oval:def:96511
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix, which might result in denial of service, information disclosure or privilege escalation.

oval:org.secpod.oval:def:89050943
This update for samba fixes the following issues: * CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. * CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep call on AD DC. * CVE-2023-42670: Fixed the procedure nu ...

oval:org.secpod.oval:def:89050939
This update for samba fixes the following issues: * CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions

oval:org.secpod.oval:def:1701954
When doing NTLM authentication, the client sends replies to cryptographic challenges back to the server. These replies have variable length. Winbind did not properly bounds-check the lan manager response length, which despite the lan manager version no longer being used is still part of the protocol. If t ...

oval:org.secpod.oval:def:89050953
This update for samba fixes the following issues: * CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. * CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep call on AD DC. * CVE-2023-4154: Fixed a bug in dirsync ...

oval:org.secpod.oval:def:89050973
This update for samba fixes the following issues: * CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. * CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep call on AD DC. * CVE-2023-4154: Fixed a bug in dirsync ...

oval:org.secpod.oval:def:89051577
This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send. * CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability. * CVE-2023-34967: Fixed samba spotligh ...

oval:org.secpod.oval:def:89049162
This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send. Bugfixes: * Fixed trust relationship failure.

oval:org.secpod.oval:def:89049288
This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send. Bugfixes: * Fixed trust relationship failure

oval:org.secpod.oval:def:89049334
This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send. * CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability. * CVE-2023-34967: Fixed samba spotligh ...

oval:org.secpod.oval:def:89049127
This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send. Bugfixes: * Fixed trust relationship failure.

oval:org.secpod.oval:def:89051556
This update for samba fixes the following issues: samba was updated to version 4.17.9: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send. * CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability. * ...

oval:org.secpod.oval:def:2501227
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

oval:org.secpod.oval:def:708310
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:89049172
This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send. * CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability. * CVE-2023-34967: Fixed samba spotligh ...

oval:org.secpod.oval:def:97744
[CLSA-2023:1692293238] samba: Fix of CVE-2022-2127

oval:org.secpod.oval:def:19500365
When doing NTLM authentication, the client sends replies to cryptographic challenges back to the server. These replies have variable length. Winbind did not properly bounds-check the lan manager response length, which despite the lan manager version no longer being used is still part of the protocol. If t ...

oval:org.secpod.oval:def:125933
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:91659
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:2600431
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

oval:org.secpod.oval:def:3300298
SUSE Security Update: Security update for samba

oval:org.secpod.oval:def:89048164
This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password. - Updated to version 4.15.13: - CVE-2022-37966: Fixed an issue where a weak cipher would b ...

oval:org.secpod.oval:def:89048127
This update for samba fixes the following issues: - Updated to version 4.15.13: - CVE-2022-38023: Removed weak cryptographic algorithms from the Netlogon RPC implementation. - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems. - CVE-2022-3437: Fixed a buffer overflow ...

oval:org.secpod.oval:def:89048025
This update for samba fixes the following issues: Version update to 4.15.12. Security issues fixed: - CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords. - CVE-2022-32742: Fixed SMB1 code that does not correctly verify SMB1write, SMB1write ...

oval:org.secpod.oval:def:124488
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:19500187
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for th ...

oval:org.secpod.oval:def:89048518
This update for ldb, samba fixes the following issues: ldb: * CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module. * CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes. samba: * CVE-2023-0922: Fixed cleartext password sending by AD DC admin too ...

oval:org.secpod.oval:def:89394
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:89492
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:89048661
This update for ldb, samba fixes the following issues: ldb: * CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module. * CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes. samba: * CVE-2023-0922: Fixed cleartext password sending by AD DC admin too ...

oval:org.secpod.oval:def:89048151
This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password. - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel. - CVE- ...

oval:org.secpod.oval:def:3300586
SUSE Security Update: Security update for ldb, samba

oval:org.secpod.oval:def:507343
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba. Se ...

oval:org.secpod.oval:def:507229
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: server memory information leak via SMB1 For more details a ...

oval:org.secpod.oval:def:5800068
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba. Se ...

oval:org.secpod.oval:def:707651
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:1506434
[4.16.4-4.0.1] - Gluster volumes not accessible via Samba due to missing samba-vfs-glusterfs in OL8 [Orabug: 30205755] [4.16.4-4] - related: rhbz#2154369 - Add additional patch for CVE-2022-38023 [4.16.4-3] - resolves: rhbz#2154369 - Fix CVE-2022-38023 [4.16.4-2] - resolves: rhbz#2120956 - Do not re ...

oval:org.secpod.oval:def:89047753
This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging. - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request. - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords. ...

oval:org.secpod.oval:def:89047426
This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging. - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request. - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords. ...

oval:org.secpod.oval:def:123948
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1506263
[4.16.4-101] - resolves: rhbz#2121317 - Do not require samba package in python3-samba [4.16.4-100] - Rebase to version 4.16.4 - resolves: rhbz#2108332 - Fix CVE-2022-32742 [4.16.3-101] - related: rhbz#2077487 - Rebase Samba to 4.16.3 - resolves: rhbz#2097655 - The pcap background queue process shou ...

oval:org.secpod.oval:def:3300549
SUSE Security Update: Security update for samba

oval:org.secpod.oval:def:82609
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:2500831
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

oval:org.secpod.oval:def:89003025
This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records. - CVE-2020-14323: Unprivileged user can crash winbind. - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify.

oval:org.secpod.oval:def:89050252
This update for samba fixes the following issues: Update to samba 4.11.14 - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records. - CVE-2020-14323: Unprivileged user can crash winbind. - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify. - l ...

oval:org.secpod.oval:def:4501365
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba . Se ...

oval:org.secpod.oval:def:89050381
This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records. - CVE-2020-14323: Unprivileged user can crash winbind. - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify.

oval:org.secpod.oval:def:1504898
openchange [2.3-27.0.1] - Use ldconfig_scriptlets [2.3-27] - Rebuild for newer samba samba [4.13.3-3] - resolves: #1924615 - Fix a memcache bug when cache is full - resolves: #1924571 - Ensure that libwbclient has been updated before restarting services [4.13.3-2] - resolves: #1909647 - Fix winbind ...

oval:org.secpod.oval:def:73593
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba . Se ...

oval:org.secpod.oval:def:89002934
This update for samba fixes the following issues: - CVE-2020-14323: Unprivileged user can crash winbind. - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify.

oval:org.secpod.oval:def:89002915
This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records. - CVE-2020-14323: Unprivileged user can crash winbind. - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify.

oval:org.secpod.oval:def:119040
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:89002966
This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records. - CVE-2020-14323: Unprivileged user can crash winbind. - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify.

oval:org.secpod.oval:def:2500416
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

oval:org.secpod.oval:def:705735
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:99982
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix, which might result in denial of service or information disclosure.

CVE    43
CVE-2011-2411
CVE-2021-20277
CVE-2020-10700
CVE-2020-10704
...
*CPE
cpe:/a:samba:samba
