Product:

Samba

(Samba)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 164
Date Id Summary Products Score Patch Annotated
2022-01-11 CVE-2021-43566 All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. Samba 2.5
2020-12-03 CVE-2020-14318 A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. Enterprise_linux, Storage, Samba 4.3
2020-05-06 CVE-2020-10704 A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. Debian_linux, Fedora, Leap, Samba 7.5
2020-10-29 CVE-2020-14323 A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. Debian_linux, Fedora, Leap, Samba 5.5
2021-10-12 CVE-2021-3671 A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server. Samba 6.5
2019-04-09 CVE-2019-3870 A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is... Fedora, Samba, Directory_server, Diskstation_manager, Router_manager, Skynas_firmware, Vs960hd_firmware 6.1
2020-07-06 CVE-2020-14303 A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. Fedora, Leap, Samba 7.5
2020-08-17 CVE-2020-1472 An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. Ubuntu_linux, Fedora, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Leap, Samba, Directory_server 10.0
2021-05-05 CVE-2021-20254 A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality... Debian_linux, Fedora, Enterprise_linux, Samba 6.8
2019-11-06 CVE-2019-10218 A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user. Fedora, Samba 6.5