Vulnerabilities (CVE)

Filtered by vendor Samba Subscribe
Total 178 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-1472 6 Canonical, Fedoraproject, Microsoft and 3 more 9 Ubuntu Linux, Fedora, Windows Server 2008 and 6 more 2021-06-14 9.3 HIGH 10.0 CRITICAL
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
CVE-2020-14387 1 Samba 1 Rsync 2021-06-09 5.8 MEDIUM 7.4 HIGH
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.
CVE-2019-14902 3 Canonical, Opensuse, Samba 3 Ubuntu Linux, Leap, Samba 2021-05-29 5.5 MEDIUM 5.4 MEDIUM
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.
CVE-2021-20254 3 Fedoraproject, Redhat, Samba 3 Fedora, Enterprise Linux, Samba 2021-05-29 5.5 MEDIUM 8.1 HIGH
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2019-14833 3 Fedoraproject, Opensuse, Samba 3 Fedora, Leap, Samba 2021-05-29 4.9 MEDIUM 5.4 MEDIUM
A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.
CVE-2019-10218 2 Fedoraproject, Samba 2 Fedora, Samba 2021-05-29 4.3 MEDIUM 6.5 MEDIUM
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.
CVE-2019-14861 4 Canonical, Fedoraproject, Opensuse and 1 more 4 Ubuntu Linux, Fedora, Leap and 1 more 2021-05-29 3.5 LOW 5.3 MEDIUM
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.
CVE-2019-14870 3 Canonical, Fedoraproject, Samba 3 Ubuntu Linux, Fedora, Samba 2021-05-29 6.4 MEDIUM 5.4 MEDIUM
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.
CVE-2019-14847 3 Fedoraproject, Opensuse, Samba 3 Fedora, Leap, Samba 2021-05-29 4.0 MEDIUM 4.9 MEDIUM
A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.
CVE-2019-14907 5 Canonical, Fedoraproject, Redhat and 2 more 9 Ubuntu Linux, Fedora, Enterprise Linux and 6 more 2021-05-29 2.6 LOW 6.5 MEDIUM
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
CVE-2020-27840 3 Debian, Fedoraproject, Samba 3 Debian Linux, Fedora, Samba 2021-05-26 5.0 MEDIUM 7.5 HIGH
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
CVE-2021-20277 3 Debian, Fedoraproject, Samba 3 Debian Linux, Fedora, Samba 2021-05-26 5.0 MEDIUM 7.5 HIGH
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
CVE-2020-14383 2 Redhat, Samba 2 Enterprise Linux, Samba 2021-05-05 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
CVE-2021-20208 2 Redhat, Samba 2 Enterprise Linux, Cifs-utils 2021-04-29 4.9 MEDIUM 6.1 MEDIUM
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2020-10730 4 Fedoraproject, Opensuse, Redhat and 1 more 4 Fedora, Leap, Storage and 1 more 2021-04-02 4.0 MEDIUM 6.5 MEDIUM
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
CVE-2020-14318 2 Redhat, Samba 3 Enterprise Linux, Storage, Samba 2020-12-24 4.0 MEDIUM 4.3 MEDIUM
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
CVE-2020-14323 3 Fedoraproject, Opensuse, Samba 3 Fedora, Leap, Samba 2020-12-24 2.1 LOW 5.5 MEDIUM
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
CVE-2019-3870 3 Fedoraproject, Samba, Synology 9 Fedora, Samba, Active Directory Server and 6 more 2020-12-04 3.6 LOW 6.1 MEDIUM
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
CVE-2018-1050 4 Canonical, Debian, Redhat and 1 more 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more 2020-12-04 3.3 LOW 4.3 MEDIUM
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
CVE-2020-10704 3 Fedoraproject, Opensuse, Samba 3 Fedora, Leap, Samba 2020-11-23 5.0 MEDIUM 7.5 HIGH
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.