U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:samba:samba:3.0.23:a:*:*:*:*:*:*
  • CPE Name Search: true
There are 50 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-32742

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

Published: August 25, 2022; 2:15:10 PM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

Published: August 25, 2022; 2:15:09 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2021-20316

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

Published: August 23, 2022; 12:15:09 PM -0400
V3.1: 6.8 MEDIUM
V2.0:(not available)
CVE-2021-44141

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

Published: February 21, 2022; 1:15:08 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 3.5 LOW
CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Published: February 21, 2022; 10:15:07 AM -0500
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

Published: February 18, 2022; 1:15:08 PM -0500
V3.1: 8.1 HIGH
V2.0: 8.5 HIGH
CVE-2016-2124

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Published: February 18, 2022; 1:15:08 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-43566

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.

Published: January 11, 2022; 11:15:07 AM -0500
V3.1: 2.5 LOW
V2.0: 1.2 LOW
CVE-2021-3671

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.

Published: October 12, 2021; 2:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

Published: August 17, 2020; 3:15:15 PM -0400
V3.1: 10.0 CRITICAL
V2.0: 9.3 HIGH
CVE-2019-10218

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

Published: November 06, 2019; 5:15:10 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-3824

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

Published: March 06, 2019; 10:29:00 AM -0500
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-10858

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Published: August 22, 2018; 1:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-12151

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Published: July 27, 2018; 8:29:00 AM -0400
V3.0: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2017-12163

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Published: July 26, 2018; 12:29:00 PM -0400
V3.0: 7.1 HIGH
V2.0: 4.8 MEDIUM
CVE-2017-2619

Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.

Published: March 12, 2018; 11:29:00 AM -0400
V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM
CVE-2017-9461

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

Published: June 06, 2017; 5:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2016-2115

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.

Published: April 24, 2016; 8:59:06 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

Published: April 24, 2016; 8:59:03 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.

Published: April 24, 2016; 8:59:02 PM -0400
V3.0: 6.3 MEDIUM
V2.0: 4.3 MEDIUM