National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:samba:samba:4.1.5
There are 52 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2017-14746

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

Published: November 27, 2017; 05:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

Published: July 13, 2017; 09:29:00 AM -04:00
V3.1: 8.1 HIGH
    V2: 6.8 MEDIUM
CVE-2017-9461

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

Published: June 06, 2017; 05:29:00 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 6.8 MEDIUM
CVE-2017-7494

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Published: May 30, 2017; 02:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.

Published: May 11, 2017; 10:29:58 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2016-2119

libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.

Published: July 07, 2016; 11:59:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 6.8 MEDIUM
CVE-2016-2115

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.

Published: April 24, 2016; 08:59:06 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-2114

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.

Published: April 24, 2016; 08:59:05 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-2113

Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.

Published: April 24, 2016; 08:59:03 PM -04:00
V3.0: 7.4 HIGH
    V2: 5.8 MEDIUM
CVE-2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

Published: April 24, 2016; 08:59:03 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.

Published: April 24, 2016; 08:59:02 PM -04:00
V3.0: 6.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-2110

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.

Published: April 24, 2016; 08:59:01 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-5370

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.

Published: April 24, 2016; 08:59:00 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."

Published: April 12, 2016; 07:59:37 PM -04:00
V3.1: 7.5 HIGH
    V2: 6.8 MEDIUM
CVE-2016-0771

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.

Published: March 13, 2016; 06:59:01 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 4.9 MEDIUM
CVE-2015-7560

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

Published: March 13, 2016; 06:59:00 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2015-8467

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.

Published: December 29, 2015; 05:59:07 PM -05:00
V3.0: 7.5 HIGH
    V2: 6.0 MEDIUM
CVE-2015-7540

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

Published: December 29, 2015; 05:59:05 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-5330

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.

Published: December 29, 2015; 05:59:04 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-5299

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.

Published: December 29, 2015; 05:59:03 PM -05:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM