Debian Samba vulnerabilities

201 known vulnerabilities affecting debian/samba.

Total CVEs: 201
CISA KEV: 2 (actively exploited)
Public exploits: 19
Exploited in wild: 2
Severity breakdown: CRITICAL 16, HIGH 59, MEDIUM 90, LOW 36

Vulnerabilities

Page 7 of 11
CVE-2015-5296 | MEDIUM | CVSS 5.4 | fixed in samba 2:4.1.22+dfsg-1 (bookworm) | 2015
[MEDIUM] samba - Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
Scope: local bookworm: resolved (fixed in 2

CVE-2015-3223 | MEDIUM | CVSS 5.3 | fixed in ldb 2:1.1.24-1 (bullseye) | 2015
[MEDIUM] ldb - The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
Scope: local bullseye: resolved (fixed in 2:1.1.24-1)

CVE-2015-5299 | MEDIUM | CVSS 5.3 | fixed in samba 2:4.1.22+dfsg-1 (bookworm) | 2015
[MEDIUM] samba - The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
Scope: local bookworm: resolved (fixed in 2:4.1.22+dfsg-

CVE-2015-5370 | MEDIUM | CVSS 5.9 | fixed in samba 2:4.3.7+dfsg-1 (bookworm) | 2015
[MEDIUM] samba - Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
Scope: local bookworm: resolved (

CVE-2015-8467 | MEDIUM | CVSS 4.0 | fixed in samba 2:4.1.22+dfsg-1 (bookworm) | 2015
[MEDIUM] samba - The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain wit

CVE-2014-8143 | HIGH | CVSS 8.5 | fixed in samba 2:4.1.17+dfsg-1 (bookworm) | 2014
[HIGH] samba - Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.
Scope: local book

CVE-2014-3560 | HIGH | CVSS 7.9 | fixed in samba 2:4.1.11+dfsg-1 (bookworm) | 2014
[HIGH] samba - NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
Scope: local bookworm: resolved (fixed in 2:4.1.11+dfsg-1) bullseye: resolved (fixed i

CVE-2014-0239 | MEDIUM | CVSS 5.0 | fixed in samba 2:4.1.8+dfsg-1 (bookworm) | 2014
[MEDIUM] samba - The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
Scope: local bookworm: re

CVE-2014-0178 | LOW | CVSS 3.5 | fixed in samba 2:4.1.8+dfsg-1 (bookworm) | 2014
[LOW] samba - Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHO

CVE-2014-0244 | LOW | CVSS 3.3 | fixed in samba 2:4.1.9+dfsg-1 (bookworm) | 2014
[LOW] samba - The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
Scope: local bookworm: resolved (fixed in 2:4.1.9+dfsg-1) bullseye: resolved (fixed in 2:4.1.9+dfsg-1) forky: resolved (fixed in 2:4.1.9+dfsg-1) sid

CVE-2014-3493 | LOW | CVSS 2.7 | fixed in samba 2:4.1.9+dfsg-1 (bookworm) | 2014
[LOW] samba - The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference

CVE-2013-4408 | HIGH | CVSS 8.3 | fixed in samba 2:4.0.13+dfsg-1 (bookworm) | 2013
[HIGH] samba - Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.
Scope: local bookworm: resolved (fixed in 2:4.0.13+dfsg-1) bullseye: reso

CVE-2013-0214 | MEDIUM | CVSS 5.1 | fixed in samba 2:3.6.6-5 (bookworm) | 2013
[MEDIUM] samba - Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
Scope: local bookworm: resolved (fixed in 2:3.6.

CVE-2013-0454 | MEDIUM | CVSS 4.0 | fixed in samba 2:3.6.6-1 (bookworm) | 2013
[MEDIUM] samba - The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, o

CVE-2013-0213 | MEDIUM | CVSS 5.1 | fixed in samba 2:3.6.6-5 (bookworm) | 2013
[MEDIUM] samba - The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
Scope: local bookworm: resolved (fixed in 2:3.6.6-5) bullseye: resolved (fixed in 2:3.6.6-5) forky: resolved (fixed in 2:3.6.6-5) sid: resolved (fixed in 2:3.6.6-5)

CVE-2013-4124 | LOW | CVSS 5.0 | PoC | fixed in samba 2:3.6.17-1 (bookworm) | 2013
[MEDIUM] samba - Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Scope: local bookworm: resolved (fixed in 2:3.6.17-1) bullseye: resolved (fixed in 2:3.6.17-1) forky: resolved (fixed in 2:3.6.

CVE-2013-4476 | LOW | CVSS 1.2 | fixed in samba 2:4.0.11+dfsg-1 (bookworm) | 2013
[LOW] samba - Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.
Scope: local bookworm: resolved (fixed in 2:4.0.11+dfsg-1) bullseye: res

CVE-2013-4475 | LOW | CVSS 4.0 | fixed in samba 2:4.0.11+dfsg-1 (bookworm) | 2013
[MEDIUM] samba - Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
Scope: local bookworm: resolved (fixed in 2:4.0.11+dfsg-1) bullseye: resolv

CVE-2013-6442 | LOW | CVSS 5.8 | fixed in samba 2:4.1.6+dfsg-1 (bookworm) | 2013
[MEDIUM] samba - The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.
Scope: local bookworm: resolved (fixed in 2:4.1.6+dfsg-1) bu

CVE-2013-4496 | LOW | CVSS 5.0 | fixed in samba 2:4.1.6+dfsg-1 (bookworm) | 2013
[MEDIUM] samba - Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.
Scope: local bookworm: resolved (fixed in 2:4.1.6+dfsg-1) bullseye: resolved (fixed in 2:4.1.6+