Latest Samba Vulnerabilities

Heap buffer overflow with freshness tokens in the Heimdal KDC
redhat/samba<4.19.2
Samba Samba<4.19.2
Samba: "rpcecho" development server allows denial of service via sleep() call on AD DC
Samba Samba>=4.0.0<4.17.12
Samba Samba>=4.18.0<4.18.8
Samba Samba>=4.19.0<4.19.1
Redhat Storage=3.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
and 13 more
AD DC busy RPC multiple listener DoS
Samba Samba<4.17.12
Samba Samba>=4.18.0<4.18.8
Samba Samba>=4.19.0<4.19.1
Fedoraproject Fedora=39
ubuntu/samba<2:4.15.13+dfsg-0ubuntu1.5
ubuntu/samba<2:4.17.7+dfsg-1ubuntu2.3
and 5 more
Samba: smbd allows client access to Unix domain sockets on the file system as root
redhat/samba<4.19.1
redhat/samba<4.18.8
redhat/samba<4.17.12
<4.17.12
>=4.18.0<4.18.8
>=4.19.0<4.19.1
and 4 more
Samba: AD DC password exposure to privileged users and RODCs
Samba Samba>=4.0.0<4.17.12
Samba Samba>=4.18.0<4.18.8
Samba Samba>=4.19.0<4.19.1
ubuntu/samba<2:4.15.13+dfsg-0ubuntu0.20.04.6
ubuntu/samba<2:4.15.13+dfsg-0ubuntu1.5
ubuntu/samba<2:4.17.7+dfsg-1ubuntu2.3
and 5 more
Samba: SMB clients can truncate files with read-only permissions
Samba Samba<4.17.12
Samba Samba>=4.18.0<4.18.8
Samba Samba>=4.19.0<4.19.1
Fedoraproject Fedora=39
Redhat Storage=3.0
Redhat Enterprise Linux=8.0
and 9 more
Samba: infinite loop in mdssvc RPC service for Spotlight
redhat/samba<4.16.11
redhat/samba<4.17.10
redhat/samba<4.18.5
ubuntu/samba<2:4.15.13+dfsg-0ubuntu0.20.04.3
ubuntu/samba<2:4.15.13+dfsg-0ubuntu1.2
ubuntu/samba<2:4.16.8+dfsg-0ubuntu1.2
and 18 more
Samba: Spotlight server-side share path disclosure
redhat/samba<4.16.11
redhat/samba<4.17.10
redhat/samba<4.18.5
ubuntu/samba<2:4.15.13+dfsg-0ubuntu0.20.04.3
ubuntu/samba<2:4.15.13+dfsg-0ubuntu1.2
ubuntu/samba<2:4.16.8+dfsg-0ubuntu1.2
and 20 more
Samba: out-of-bounds read in winbind AUTH_CRAP
redhat/samba<4.16.11
redhat/samba<4.17.10
redhat/samba<4.18.5
ubuntu/samba<2:4.15.13+dfsg-0ubuntu0.20.04.3
ubuntu/samba<2:4.15.13+dfsg-0ubuntu1.2
ubuntu/samba<2:4.16.8+dfsg-0ubuntu1.2
and 22 more
Samba: SMB2 packet signing is not enforced when "server signing = required" is set
ubuntu/samba<2:4.17.7+dfsg-1ubuntu1.1
Samba Samba>=4.17.0<4.17.10
Samba Samba>=4.18.0<4.18.5
Redhat Storage=3.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
and 2 more
Samba: type confusion in mdssvc RPC service for Spotlight
redhat/samba<4.16.11
redhat/samba<4.17.10
redhat/samba<4.18.5
ubuntu/samba<2:4.15.13+dfsg-0ubuntu0.20.04.3
ubuntu/samba<2:4.15.13+dfsg-0ubuntu1.2
ubuntu/samba<2:4.16.8+dfsg-0ubuntu1.2
and 18 more
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
Samba Samba>=4.0.0<4.16.10
Samba Samba>=4.17.0<4.17.7
Samba Samba=4.18.0
Samba Samba=4.18.0-rc1
Samba Samba=4.18.0-rc2
Samba Samba=4.18.0-rc3
and 1 more
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
Samba Samba>=4.17.0<4.17.7
Samba Samba=4.18.0
Samba Samba=4.18.0-rc1
Samba Samba=4.18.0-rc2
Samba Samba=4.18.0-rc3
Samba Samba=4.18.0-rc4
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery ke...
Samba Samba>=4.0.0<4.16.10
Samba Samba>=4.17.0<4.17.7
Samba Samba=4.18.0
Samba Samba=4.18.0-rc1
Samba Samba=4.18.0-rc2
Samba Samba=4.18.0-rc3
and 1 more
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory...
Samba Samba<4.15.13
Samba Samba>=4.16.0<4.16.8
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) ...
MIT Kerberos 5>=1.8<1.19.4
MIT Kerberos 5=1.20
MIT Kerberos 5=1.20-beta1
Heimdal Project Heimdal<7.7.1
Samba Samba<4.15.12
Samba Samba>=4.16.0<4.16.7
and 4 more
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
Heimdal Project Heimdal<7.7.1
Samba Samba>=4.15.0<4.15.3
Samba Samba>=4.16.0<4.16.8
Samba Samba>=4.17.0<4.17.4
debian/heimdal<=7.5.0+dfsg-3
debian/samba<=2:4.9.5+dfsg-5+deb10u3<=2:4.9.5+dfsg-5+deb10u4<=2:4.13.13+dfsg-1~deb11u5
Netlogon RPC Elevation of Privilege Vulnerability
Microsoft Windows Server 2008=sp2
Microsoft Windows Server 2008=r2-sp1
Microsoft Windows Server 2012
Microsoft Windows Server 2012=r2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
and 26 more
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
Microsoft Windows Server 2008=sp2
Microsoft Windows Server 2008=r2-sp1
Microsoft Windows Server 2012
Microsoft Windows Server 2012=r2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
and 24 more
Windows Kerberos Elevation of Privilege Vulnerability
and 24 more
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the ...
Samba Samba>=4.17.0<4.17.2
Fedoraproject Fedora=36
Fedoraproject Fedora=37
redhat/samba<4.17.2
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI lib...
Apple macOS Ventura<13
Samba Samba>=4.0.0<4.15.11
Samba Samba>=4.16.0<4.16.6
Samba Samba>=4.17.0<4.17.2
Fedoraproject Fedora=36
Fedoraproject Fedora=37
and 5 more
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
Samba Samba>=4.1.0
Fedoraproject Fedora=37
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
Samba Samba>=4.1.0
Fedoraproject Fedora=37
redhat/samba<4.17
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabli...
Samba Samba>=4.3.0<4.14.14
Samba Samba>=4.15.0<4.15.9
Samba Samba>=4.16.0<4.16.4
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This iss...
Samba Samba>=4.3.0<4.14.14
Samba Samba>=4.15.0<4.15.9
Samba Samba>=4.16.0<4.16.4
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify request, usually resulting in a segmentation fault.
Samba Samba>=4.13.14<4.14.14
Samba Samba>=4.15.2<4.15.9
Samba Samba>=4.16.0<4.16.4
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been...
Samba Samba<4.14.14
Samba Samba>=4.15.0<4.15.9
Samba Samba>=4.16.0<4.16.4
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into ...
Samba Samba<4.14.14
Samba Samba>=4.15.0<4.15.9
Samba Samba>=4.16.0<4.16.4
MaxQueryDuration not honoured in Samba AD DC LDAP
Samba Samba>=4.1.0
Redhat Storage=3.0
Fedoraproject Fedora=35
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions...
Samba Samba<4.13.17
Samba Samba>=4.14.0<4.14.12
Samba Samba>=4.15.0<4.15.5
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Canonical Ubuntu Linux=14.04
and 36 more
The Samba AD DC includes checks when adding service principal names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypas...
Samba Samba>=4.0.0<4.13.17
Samba Samba>=4.14.0<4.14.12
Samba Samba>=4.15.0<4.15.4
Fedoraproject Fedora=34
Fedoraproject Fedora=35
redhat/samba<4.13.17
and 2 more
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the...
Samba Samba<4.15.5
Redhat Storage=3.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the sha...
Samba Samba<4.13.16
Kerberos acceptors need easy access to stable AD identifiers (e.g. objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets...
Samba Samba>=4.13.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
ubuntu/samba<2:4.13.14+dfsg-0ubuntu0.20.04.1
ubuntu/samba<2:4.13.14+dfsg-0ubuntu0.21.04.1
ubuntu/samba<2:4.13.14+dfsg-0ubuntu0.21.10.1
and 8 more
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam...
Samba Samba>=4.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
ubuntu/samba<4.13.14
ubuntu/samba<2:4.13.14+dfsg-0ubuntu0.20.04.1
ubuntu/samba<2:4.13.14+dfsg-0ubuntu0.21.04.1
and 8 more
Multiple flaws were found in the way Samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
Samba Samba>=4.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 19 more
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents i...
Samba Samba>=4.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 38 more
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.
Samba Samba>=4.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Fedoraproject Fedora=35
ubuntu/samba<2:4.13.14+dfsg-0ubuntu0.20.04.1
ubuntu/samba<2:4.13.14+dfsg-0ubuntu0.21.04.1
and 9 more
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Samba Samba>=3.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 58 more
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their o...
Samba Samba>=4.10.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
redhat/samba<0:4.14.5-7.el8_5
redhat/samba<0:4.13.3-8.el8_4
redhat/samba<0:4.14.5-204.el8
and 9 more
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Samba Samba>=3.0.0<4.13.14
Samba Samba>=4.14.0<4.14.10
Samba Samba>=4.15.0<4.15.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=33
and 56 more
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba...
debian/heimdal<=7.7.0+dfsg-2<=7.5.0+dfsg-3
Samba Samba<4.13.12
Samba Samba>=4.14.0<4.14.8
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Netapp Management Services For Element Software
and 20 more
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of th...
Samba Samba<4.15.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Redhat Virtualization Host=4.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Aus=8.6
and 6 more
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyon...
Samba Samba>=3.6.0<4.12.15
Samba Samba>=4.13.0<4.13.8
Samba Samba>=4.14.0<4.14.4
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Redhat Enterprise Linux=7.0
and 5 more
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds mem...
Samba Samba>=4.0.0<4.12.13
Samba Samba>=4.13.0<4.13.6
Samba Samba>=4.14.0<4.14.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=32
and 5 more
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the requ...
Samba Samba>=4.0.0<4.12.13
Samba Samba>=4.13.0<4.13.6
Samba Samba>=4.14.0<4.14.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=32
and 5 more
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.
Samba Samba>=4.1.0<4.16.8
Samba Samba>=4.17.0<4.17.4
Fedoraproject Fedora=37
Kerberos KDC Security Feature Bypass Vulnerability
=r2
=20h2
=1903
=1909
and 16 more
A flaw was found in Samba's DNS server. An authenticated user could use this flaw to cause the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after...
redhat/samba<4.11.15
redhat/samba<4.12.9
redhat/samba<4.13.1
Samba Samba>=4.0.0<4.11.15
Samba Samba>=4.12.0<4.12.9
Samba Samba>=4.13.0<4.13.1
and 1 more
