Gentoo Linux Security Advisory 201502-15 - Multiple vulnerabilities have been found in Samba, the worst of which allowing a context-dependent attacker to bypass intended file restrictions, cause a Denial of Service or execute arbitrary code. Versions less than 3.6.25 are affected.
606c956ce8f163cd743c45062fd6201fce247d72cbe7bc650aed2d2440e1861bHP Security Bulletin HPSBUX03087 SSRT101413 2 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), execution of arbitrary code, or unauthorized access. Revision 2 of this advisory.
a56a13f1ec26735d4d53c5b23bf32116794a56a90a713f7129caca2874101576HP Security Bulletin HPSBUX03087 SSRT101413 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS). Revision 1 of this advisory.
1299cc2ae31937153cba3aee6893facc0a9857094409153f01cd2e09689e173bSlackware Security Advisory - New samba packages are available for Slackware 14.1, and -current to fix a security issue.
aaf542c1edaf53c34eb9aee0f7ef9b039611aa47d44495a0d8bc548201d9a409Red Hat Security Advisory 2014-0009-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges.
9153c8aeb19a4ad7c3bbc309c720fa69bb6d3177dc1120458ca05236e6c48a4aMandriva Linux Security Advisory 2013-299 - The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake. Buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. The updated packages has been upgraded to the 3.6.22 version which resolves various upstream bugs and is not vulnerable to these issues.
616e78bf48894f3bc5d18232a8b44d069f6ab91be39e3eb85bbad5e45a00df87Ubuntu Security Notice 2054-1 - It was discovered that Winbind incorrectly handled invalid group names with the require_membership_of parameter. If an administrator used an invalid group name by mistake, access was granted instead of having the login fail. Stefan Metzmacher and Michael Adam discovered that Samba incorrectly handled DCE-RPC fragment length fields. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as the root user. Various other issues were also addressed.
37f80d54fa555acc23ea6eff4a37a7ea3dc8c6b393c21df3b217c7cb111faf5fRed Hat Security Advisory 2013-1806-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges.
776f5e06aa1d59689b658d1881b9e89a5fcea991a6537bc63833095590381b35Red Hat Security Advisory 2013-1805-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges.
7a95ea07e79777b06a6fa8a5c54f5c65a0354ca7595170be622db4ed1496de04Debian Linux Security Advisory 2812-1 - Two security issues were found in Samba, a SMB/CIFS file, print, and login server.
f999b212f4fc13361aae0ea94817b1f46dc2584eaa0f151337c38c12cae08445
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed