samba

Description SMB Fileserver and AD Domain server
Version 4.17.3-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2782 4.16.3-1 4.16.4-1 High Fixed
AVG-2648 4.15.4-1 4.15.5-1 Critical Fixed
AVG-2538 4.15.1-1 4.15.2-1 Medium Fixed
AVG-2418 4.14.7-2 4.15.0-1 Low Fixed
AVG-1893 4.14.3-1 4.14.4-1 Medium Fixed
AVG-1732 4.14.0-2 4.14.2-1 Medium Fixed
AVG-1236 4.12.6-1 4.13.0-1 Medium Fixed FS#67983
AVG-1202 4.12.3-2 4.12.6-1 High Fixed
AVG-1057 4.10.8-2 4.10.10-1 Medium Fixed
AVG-823 4.9.2-1 4.9.3-1 High Fixed
AVG-651 4.7.5-1 4.7.6-1 Critical Fixed
AVG-535 4.7.1-1 4.7.3-1 High Fixed
AVG-279 4.5.8-1 4.5.10-1 High Fixed
AVG-111 4.5.2-1 4.5.3-1 Critical Fixed FS#52219
Issue Group Severity Remote Type Description
CVE-2022-32746 AVG-2782 Medium Yes Arbitrary code execution
Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request.
CVE-2022-32745 AVG-2782 Medium Yes Unknown
Samba AD users can crash the server process with an LDAP add or modify request.
CVE-2022-32744 AVG-2782 High Yes Authentication bypass
Samba AD users can forge password change requests for any user.
CVE-2022-32742 AVG-2782 Medium Yes Information disclosure
Server memory information leak via SMB1.
CVE-2022-2031 AVG-2782 Medium Yes Access restriction bypass
Samba AD users can bypass certain restrictions associated with changing passwords.
CVE-2022-0336 AVG-2648 Medium No Access restriction bypass
The Samba AD DC includes checks when adding service principal names (SPNs) to an account to ensure that SPNs do not alias with those already in the...
CVE-2021-44142 AVG-2648 Critical Yes Arbitrary code execution
All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary...
CVE-2021-44141 AVG-2648 Medium No Information disclosure
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of...
CVE-2021-23192 AVG-2538 Medium Yes Insufficient validation
A security issue has been found in Samba versions 4.10.0 to 4.15.1. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment...
CVE-2021-20277 AVG-1732 Medium Yes Information disclosure
A security issue has been found in Samba before version 4.14.2. A string in an LDAP attribute that contains multiple consecutive leading spaces can lead to...
CVE-2021-20254 AVG-1893 Medium Yes Access restriction bypass
A security issue has been found in all versions of the Samba file server since Samba 3.6.0. A coding error converting SIDs to gids could allow unexpected...
CVE-2021-3738 AVG-2538 Medium Yes Arbitrary code execution
A security issue has been found in Samba versions 4.0.0 to 4.15.1. The AD DC RPC server can use memory that was free()ed when a sub-connection is closed.
CVE-2021-3671 AVG-2418 Low Yes Denial of service
In Samba before version 4.15.0, an unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ.
CVE-2020-27840 AVG-1732 Medium Yes Arbitrary code execution
A security issue has been found in Samba before version 4.14.2. A DN may be represented in string form with arbitrary amounts of space around the component...
CVE-2020-25722 AVG-2538 Medium Yes Insufficient validation
A security issue has been found in Samba versions 4.0.0 to 4.15.1. At a number of points in the Samba AD DC per-attribute and schema based permission checks...
CVE-2020-25721 AVG-2538 Medium Yes Privilege escalation
A security issue has been found in Samba versions 4.0.0 to 4.15.1. Samba as an AD DC did not provide a way for Linux applications to obtain a reliable SID...
CVE-2020-25719 AVG-2538 Medium Yes Privilege escalation
A security issue has been found in Samba versions 4.0.0 to 4.15.1. The Samba AD DC could become confused about the user a ticket represents if it did not...
CVE-2020-25718 AVG-2538 Medium Yes Privilege escalation
A security issue has been found in Samba versions 4.0.0 to 4.15.1. The Samba AD DC, when joined by an RODC, did not confirm if the RODC was allowed to print...
CVE-2020-25717 AVG-2538 Medium Yes Privilege escalation
A security issue has been found in Samba versions 3.0.0 to 4.15.1. Samba may map domain users to local users in an undesired way.
CVE-2020-14303 AVG-1202 High Yes Denial of service
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet...
CVE-2020-10760 AVG-1202 High Yes Denial of service
A use-after-free flaw was found in all Samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in an AD DC configuration. A Samba LDAP...
CVE-2020-10745 AVG-1202 Medium Yes Denial of service
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBIOS over TCP/IP and DNS packets. This...
CVE-2020-10730 AVG-1202 High Yes Denial of service
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4....
CVE-2020-1472 AVG-1236 Medium Yes Access restriction bypass
A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in...
CVE-2019-14847 AVG-1057 Low Yes Denial of service
A denial of service has been found in Samba before 4.10.10, where users with the "get changes" extended access right can crash the AD DC LDAP server by...
CVE-2019-14833 AVG-1057 Medium Yes Insufficient validation
A security issue has been found in Samba before 4.10.10, where the check password script does not receive the full password string when the password...
CVE-2019-10218 AVG-1057 Medium Yes Arbitrary filesystem access
An issue has been found in Samba before 4.10.10 where a malicious server can craft a pathname containing separators and return this to client code, causing...
CVE-2018-16857 AVG-823 Low Yes Access restriction bypass
A security issue has been found in samba from 4.9.0 up to and including 4.9.2, where AD DC Configurations watching for bad passwords to restrict brute...
CVE-2018-16853 AVG-823 Medium Yes Denial of service
A denial of service has been found in samba from 4.7.0 up to and including 4.9.2, where a user in a Samba AD domain can crash the MIT KDC by requesting an...
CVE-2018-16852 AVG-823 Medium Yes Denial of service
A NULL pointer de-reference issue has been found in samba from 4.9.0 up to and including 4.9.2, where a user able to create or modify dnsZone objects can...
CVE-2018-16851 AVG-823 Medium Yes Denial of service
A NULL pointer de-reference issue has been found in samba from 4.0.0 up to and including 4.9.2, where a user able to read more than 256MB of LDAP entries...
CVE-2018-16841 AVG-823 High Yes Denial of service
A double-free issue has been found in samba from 4.3.0 up to and including 4.9.2, where a user with a valid certificate or smart card can crash the Samba AD...
CVE-2018-14629 AVG-823 Medium Yes Denial of service
A denial of service security issue has been found in samba from 4.0.0 up to and including 4.9.2, where an unprivileged user can use the ldbadd tool to add...
CVE-2018-1057 AVG-651 Critical Yes Access restriction bypass
On a Samba 4 AD DC any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts.
CVE-2018-1050 AVG-651 Medium Yes Denial of service
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external...
CVE-2017-15275 AVG-535 Medium Yes Information disclosure
A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending...
CVE-2017-14746 AVG-535 High Yes Arbitrary code execution
A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1...
CVE-2017-7494 AVG-279 High Yes Arbitrary code execution
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to...
CVE-2016-2126 AVG-111 Medium Yes Privilege escalation
A remote, authenticated attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum....
CVE-2016-2125 AVG-111 Medium Yes Authentication bypass
Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or...
CVE-2016-2123 AVG-111 Critical Yes Arbitrary code execution
The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data...

Advisories

Date Advisory Group Severity Type
29 Sep 2020 ASA-202009-17 AVG-1236 Medium access restriction bypass
03 Nov 2019 ASA-201911-6 AVG-1057 Medium multiple issues
28 Nov 2018 ASA-201811-22 AVG-823 High multiple issues
13 Mar 2018 ASA-201803-10 AVG-651 Critical multiple issues
02 Dec 2017 ASA-201712-1 AVG-535 High multiple issues
30 May 2017 ASA-201705-22 AVG-279 High arbitrary code execution
22 Dec 2016 ASA-201612-19 AVG-111 Critical multiple issues