samba

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description SMB Fileserver and AD Domain server
Version 4.8.2-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-651 4.7.5-1 4.7.6-1 Critical Fixed
AVG-535 4.7.1-1 4.7.3-1 High Fixed
AVG-279 4.5.8-1 4.5.10-1 High Fixed
AVG-111 4.5.2-1 4.5.3-1 Critical Fixed FS#52219
Issue Group Severity Remote Type Description
CVE-2018-1057 AVG-651 Critical Yes Access restriction bypass
On a Samba 4 AD DC any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts.
CVE-2018-1050 AVG-651 Medium Yes Denial of service
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external...
CVE-2017-7494 AVG-279 High Yes Arbitrary code execution
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to...
CVE-2017-15275 AVG-535 Medium Yes Information disclosure
A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending...
CVE-2017-14746 AVG-535 High Yes Arbitrary code execution
A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1...
CVE-2016-2126 AVG-111 Medium Yes Privilege escalation
A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum....
CVE-2016-2125 AVG-111 Medium Yes Authentication bypass
Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or...
CVE-2016-2123 AVG-111 Critical Yes Arbitrary code execution
The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data...

Advisories

Date Advisory Group Severity Description
13 Mar 2018 ASA-201803-10 AVG-651 Critical multiple issues
02 Dec 2017 ASA-201712-1 AVG-535 High multiple issues
30 May 2017 ASA-201705-22 AVG-279 High arbitrary code execution
22 Dec 2016 ASA-201612-19 AVG-111 Critical multiple issues