U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:samba:samba:3.0.27:a:*:*:*:*:*:*
  • CPE Name Search: true
There are 56 matching records.
Displaying matches 41 through 56.
Vuln ID Summary CVSS Severity
CVE-2011-2411

Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.

Published: October 02, 2011; 4:55:00 PM -0400
V3.x:(not available)
V2.0: 9.0 HIGH
CVE-2011-2724

The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.

Published: September 06, 2011; 12:55:10 PM -0400
V3.x:(not available)
V2.0: 1.2 LOW
CVE-2011-2694

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

Published: July 29, 2011; 4:55:02 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2011-2522

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.

Published: July 29, 2011; 4:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-1678

smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

Published: April 09, 2011; 10:55:02 PM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2011-0719

Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.

Published: March 01, 2011; 6:00:02 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-3069

Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.

Published: September 15, 2010; 2:00:44 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2063

Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.

Published: June 17, 2010; 12:30:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-1642

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

Published: June 17, 2010; 12:30:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-1635

The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.

Published: June 17, 2010; 12:30:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-0547

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.

Published: February 04, 2010; 3:15:24 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2009-2948

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.

Published: October 07, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2009-2906

smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.

Published: October 07, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2009-2813

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

Published: September 14, 2009; 12:30:00 PM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2008-1105

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

Published: May 29, 2008; 12:32:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-6015

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

Published: December 13, 2007; 4:46:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH