Filtered by vendor Samba
Subscriptions
Total
230 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-0336 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-08-02 | 8.8 High |
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. | ||||
CVE-2023-4154 | 2 Redhat, Samba | 3 Enterprise Linux, Storage, Samba | 2024-08-02 | 7.5 High |
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence. | ||||
CVE-2023-0922 | 1 Samba | 1 Samba | 2024-08-02 | 5.9 Medium |
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. | ||||
CVE-2023-0614 | 1 Samba | 1 Samba | 2024-08-02 | 6.5 Medium |
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. | ||||
CVE-2023-0225 | 1 Samba | 1 Samba | 2024-08-02 | 4.3 Medium |
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | ||||
CVE-1999-1288 | 4 Caldera, Redhat, Samba and 1 more | 4 Openlinux, Linux, Samba and 1 more | 2024-08-01 | N/A |
Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program. | ||||
CVE-1999-0811 | 1 Samba | 1 Samba | 2024-08-01 | N/A |
Buffer overflow in Samba smbd program via a malformed message command. | ||||
CVE-1999-0812 | 1 Samba | 1 Samba | 2024-08-01 | N/A |
Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. | ||||
CVE-1999-0810 | 1 Samba | 1 Samba | 2024-08-01 | N/A |
Denial of service in Samba NETBIOS name service daemon (nmbd). | ||||
CVE-1999-0182 | 1 Samba | 1 Samba | 2024-08-01 | N/A |
Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. |