Debian Samba vulnerabilities

CVE-2006-3403 [MEDIUM] CVE-2006-3403: samba - The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote att... The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. Scope: local bookworm: resolved (fixed in 3.0.23a-1) bullseye: resolved (fixed in 3.0.23a-1) forky: resolved (fixed in 3.0.23a-1) sid: resolved (fixed in 3.0.23a-1) trixie: resolved (f

CVE-2006-1059 [LOW] CVE-2006-1059: samba - The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account ... The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain. Scope: local bookworm: resolved (fixed in 3.0.22-1) bullseye: resolved (fixed in 3.0.22-1) forky: resolved (fixed in 3.0.22-1) sid: resolved (fixed in 3.0.22-1) trixie: reso

CVE-2004-0600 [CRITICAL] CVE-2004-0600: samba - Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.... Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication. Scope: local bookworm: resolved (fixed in 3.0.5) bullseye: resolved (fixed in 3.0.5) forky: resolved (fixed in 3.0.5) sid: resolved (fixed in 3.0.5) trixie: resolved (

CVE-2004-1154 [CRITICAL] CVE-2004-1154: samba - Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9... Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 3.0.10-1) bullseye

CVE-2004-0882 [CRITICAL] CVE-2004-0882: samba - Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.... Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. Scope: local bookworm: resolved (fixed in 3.0.7) bullseye: resolved (fixed in 3.0.7) forky: resolved (fixed in 3.0.7) sid: resolved (fixed in 3.0.7) trixi

CVE-2004-0186 [HIGH] CVE-2004-0186: samba - smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local us... smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted. Scope: local bookworm: resolved (fixed in 3.0.2-2) bullseye: resolved (fixed in 3.0.2-2) forky: resolved (fixed in 3.0.2-2) sid: resol

CVE-2004-0815 [HIGH] CVE-2004-0815: samba - The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0... The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. Scope: local bookworm: resolved (fixed in 3.0.6-1) bullseye: resolved (

CVE-2004-0082 [HIGH] CVE-2004-0082: samba - The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when cre... The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. Scope: local bookworm: resolved (fixed in 3.0.7) bullseye: resolved (fixed in 3.0.7) forky: resolved (fixed in 3.0.

CVE-2004-0686 [MEDIUM] CVE-2004-0686: samba - Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling ... Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. Scope: local bookworm: resolved (fixed in 3.0.5) bullseye: resolved (fixed in 3.0.5) forky: resolved (fixed in 3.0.5) sid: resolved (fixed in 3.0.5) trixie: resolved (fixed in 3.0.5)

CVE-2004-0808 [MEDIUM] CVE-2004-0808: samba - The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier... The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. Scope: local bookworm: resolved (fixed in 3.0.7) bullseye: resolved (fixed in 3.0.7) forky

CVE-2004-2546 [MEDIUM] CVE-2004-2546: samba - Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of... Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). Scope: local bookworm: resolved (fixed in 3.0.6-1) bullseye: resolved (fixed in 3.0.6-1) forky: resolved (fixed in 3.0.6-1) sid: resolved (fixed in 3.0.6-1) trixie: resolved (fixed in 3.0.6-1)

CVE-2004-0930 [MEDIUM] CVE-2004-0930: samba - The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions all... The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. Scope: local bookworm: resolved (fixed in 3.0.8-1) bullseye: resolved (fixed in 3.0.8-1) forky: resolved (fixed in 3.0.8-1) sid: resolved (fixed

CVE-2004-0829 [MEDIUM] CVE-2004-0829: samba - smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service... smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2. Scope: local bookworm: resolved (fixed in 2.2.11) bullseye: resolved (fixed in 2.2.11) forky: resolved (fixed in 2.2.11) sid: r

CVE-2004-0807 [MEDIUM] CVE-2004-0807: samba - Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (in... Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. Scope: local bookworm: resolved (fixed in 3.0.7) bullseye: resolved (fixed in 3.0.7) forky: resolved (fixed in 3.0.7) sid: resolved (fixed in 3.0.7) trixie:

CVE-2003-0196 [CRITICAL] CVE-2003-0196: samba - Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to e... Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. Scope: local bookworm: resolved (fixed in 3.0) bullseye: resolved (fixed in 3.0) forky: resolved (fixed in 3.0) sid: resolved (fixed in 3.0) trixie: resol

CVE-2003-0085 [CRITICAL] CVE-2003-0085: samba - Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon ... Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code. Scope: local bookworm: resolved (fixed in 2.2.8) bullseye: resolved (fixed in 2.2.8) forky: resolved (fixed in 2.2.8) sid: resolved (fixed in 2.2.8) trixie: resolved (fixed in 2.2

CVE-2003-0201 [CRITICAL] CVE-2003-0201: samba - Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x befo... Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. Scope: local bookworm: resolved (fixed in 3.0) bullseye: resolved (fixed in 3.0) forky: resolved (fixed in 3.0) sid: resolved (fixed in 3.0) trixie: resolved (fixe

CVE-2003-0086 [LOW] CVE-2003-0086: samba - The code for writing reg files in Samba before 2.2.8 allows local users to overw... The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown. Scope: local bookworm: resolved (fixed in 2.2.8) bullseye: resolved (fixed in 2.2.8) forky: resolved (fixed in 2.2.8) sid: resolved (fixed in 2.2.8) trixie: resolved (fixed in 2.2.8)

CVE-2003-1332 [CRITICAL] CVE-2003-1332: samba - Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and ea... Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2002-1318 [CRITICAL] CVE-2002-1318: samba - Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a ... Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string. Scope: local bookworm: resolved (fixed in 2.2.7) bullseye: resolved (fixed in 2.2