Debian Samba vulnerabilities
201 known vulnerabilities affecting debian/samba.
Total CVEs: 201
CISA KEV: 2 actively exploited
Public exploits: 19
Exploited in wild: 2
Severity breakdown: CRITICAL 16, HIGH 59, MEDIUM 90, LOW 36
Vulnerabilities
Page 6 of 11
CVE-2017-15087 | LOW | CVSS 4.1 | 2017
CVE-2017-15087 [MEDIUM] CVE-2017-15087: samba - It was discovered that the fix for CVE-2017-12163 was not properly shipped in er...
It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2017-15086 | LOW | CVSS 7.4 | 2017
CVE-2017-15086 [HIGH] CVE-2017-15086: samba - It was discovered that the fix for CVE-2017-12151 was not properly shipped in er...
It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2016-2119 | HIGH | CVSS 7.5 | fixed in samba 2:4.4.5+dfsg-1 (bookworm) | 2016
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
Scope: local
bookworm: resolved (fixed in 2:4.4.5+dfsg-1)
bullseye
debian
CVE-2016-2113 | HIGH | CVSS 7.4 | fixed in samba 2:4.3.7+dfsg-1 (bookworm) | 2016
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.
Scope: local
bookworm: resolved (fixed in 2:4.3.7+dfsg-1)
bullseye: resolved (fixed in 2:4.3.7+dfsg-1)
forky: resolve
debian
CVE-2016-2123 | HIGH | CVSS 8.8 | fixed in samba 2:4.5.2+dfsg-2 (bookworm) | 2016
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authentic
debian
CVE-2016-2118 | HIGH | CVSS 7.5 | fixed in samba 2:4.3.7+dfsg-1 (bookworm) | 2016
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
Scope: local
bookworm: resolved (fixed in 2:4.3.7+dfsg
debian
CVE-2016-2115 | MEDIUM | CVSS 5.9 | fixed in samba 2:4.3.7+dfsg-1 (bookworm) | 2016
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
Scope: local
bookworm: resolved (fixed in 2:4.3.7+dfsg-1)
bullseye: resolved (fixed in 2:4.3.7+dfsg-1)
forky: resolved (
debian
CVE-2016-2110 | MEDIUM | CVSS 5.9 | fixed in samba 2:4.3.7+dfsg-1 (bookworm) | 2016
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE
debian
CVE-2016-2114 | MEDIUM | CVSS 5.9 | fixed in samba 2:4.3.7+dfsg-1 (bookworm) | 2016
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.
Scope: local
bookworm: resolved (fixed in 2:4.3.7+dfsg-1)
bullseye: resolved (fixed in 2:4.3.7+dfsg
debian
CVE-2016-2111 | MEDIUM | CVSS 4.3 | fixed in samba 2:4.3.7+dfsg-1 (bookworm) | 2016
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to
debian
CVE-2016-2124 | MEDIUM | CVSS 5.9 | fixed in samba 2:4.13.14+dfsg-1 (bookworm) | 2016
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Scope: local
bookworm: resolved (fixed in 2:4.13.14+dfsg-1)
bullseye: resolved (fixed in 2:4.13.13+dfsg-1~deb11u2)
forky: resolved (fixed in 2:4.13.14+dfsg-1)
sid: resolve
debian
CVE-2016-0771 | MEDIUM | CVSS 5.9 | fixed in samba 2:4.3.6+dfsg-1 (bookworm) | 2016
The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.
Scope: local
bookworm: resolved (fixed
debian
CVE-2016-2126 | MEDIUM | CVSS 6.5 | fixed in samba 2:4.5.2+dfsg-2 (bookworm) | 2016
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permis
debian
CVE-2016-2125 | MEDIUM | CVSS 6.5 | fixed in samba 2:4.5.2+dfsg-2 (bookworm) | 2016
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
Scope: local
bookworm: resolved (fixed in 2:4.5.2+dfsg-2)
bullseye: resolved (fixed in 2:4.5
debian
CVE-2016-2112 | MEDIUM | CVSS 5.9 | fixed in samba 2:4.3.7+dfsg-1 (bookworm) | 2016
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
Scope: local
bookworm: resolved (fixed in 2:4.3.7+dfsg-1)
bullseye: res
debian
CVE-2015-0240 | CRITICAL | CVSS 10.0 | PoC | fixed in samba 2:4.1.17+dfsg-1 (bookworm) | 2015
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reac
debian
CVE-2015-5252 | HIGH | CVSS 7.2 | fixed in samba 2:4.1.22+dfsg-1 (bookworm) | 2015
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
Scope: local
bookworm: resolved (fixed in 2:4.1.22+dfsg-1)
bullseye: resolved (fixed in 2:4.1.22+dfsg-1
debian
CVE-2015-5330 | HIGH | CVSS 7.5 | fixed in ldb 2:1.1.24-1 (bullseye) | 2015
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.
Scope: local
bullseye: resolved (fixed in 2:1.1.24
debian
CVE-2015-7540 | HIGH | CVSS 7.5 | fixed in samba 2:4.1.22+dfsg-1 (bookworm) | 2015
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.
Scope: local
bookworm: resolved (fixed in 2:4.1.22+dfsg-1)
bullseye: resolved (fixed in 2:4.1.22+dfsg-1)
for
debian
CVE-2015-7560 | MEDIUM | CVSS 6.5 | fixed in samba 2:4.3.6+dfsg-1 (bookworm) | 2015
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
Scope: local
bookworm: resolved (fixed in 2:4.3.6+dfsg-1)
bullsey
debian