Download
| Alert*
|
oval:org.secpod.oval:def:32978
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem. Original advisory USN-2855-1 introduced a regression in Samba. oval:org.secpod.oval:def:1600822 Use-after-free in processing SMB1 requestsA use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. Server heap-memory disclosureA memory discl ... oval:org.secpod.oval:def:54404 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to create files in unexpected locations. oval:org.secpod.oval:def:54393 Michael Hanselmann discovered that Samba, a SMB/CIFS file, print, and login server for Unix, was vulnerable to a symlink traversal attack. It would allow remote authenticated users with write permission to either write or detect files outside of Samba shares. oval:org.secpod.oval:def:1800926 CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions All versions of Samba from 4.0.0 onwards. Fixed In Version Samba 4.7.6, 4.6.14 and 4.5.16. oval:org.secpod.oval:def:1800962 CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16. oval:org.secpod.oval:def:1800963 CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16. oval:org.secpod.oval:def:1800964 CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16. oval:org.secpod.oval:def:400790 This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; ; . Other bugs fixed: - Enable clustering support; . - s3: smbd: Fix timestamp rounding inside SMB2 create; ; . - v ... oval:org.secpod.oval:def:400643 This update for samba fixes the following issues: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target. Also the following bugs were fixed: - Add quotes around path of update-apparmor-samba-profile; . - Prevent access denied if the share path is " ... oval:org.secpod.oval:def:1800096 libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the SMB2_SESSION_FLAG_IS_GUEST or SMB2_SESSION_FLAG_IS_NULL flag. ... oval:org.secpod.oval:def:703010 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:702966 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem. Original advisory USN-2855-1 introduced a regression in Samba. oval:org.secpod.oval:def:204706 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ... oval:org.secpod.oval:def:703110 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relax ... oval:org.secpod.oval:def:702146 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator if it received specially crafted network traffic. oval:org.secpod.oval:def:702386 samba: SMB/CIFS file, print, and login server for Unix A security issue was fixed in Samba. oval:org.secpod.oval:def:38608 The host is installed with samba4 or samba and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle kerberos. An attacker who successfully exploited this vulnerability could watch password changes in Samba oval:org.secpod.oval:def:110283 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:702905 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:702909 ldb: LDAP-like embedded database Several security issues were fixed in ldb. oval:org.secpod.oval:def:203801 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. ... oval:org.secpod.oval:def:110290 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:203385 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba"s NetBIOS message block daemon . An attacker on the ... oval:org.secpod.oval:def:1800860 CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions:¶ samba 3.0.25 to 4.6.7 Fixed in:¶ samba 4.6.8, 4.5.14 and 4.4.16 oval:org.secpod.oval:def:1800862 CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions: samba 3.0.25 to 4.6.7 Fixed in: samba 4.6.8, 4.5.14 and 4.4.16 oval:org.secpod.oval:def:204560 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that samba did not enforce "SMB signing" wh ... oval:org.secpod.oval:def:1800905 CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions: samba 3.0.25 to 4.6.7 Fixed In: samba 4.6.8, 4.5.14 and 4.4.16 oval:org.secpod.oval:def:203384 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba"s NetBIOS message block daemon . An attacker on the ... oval:org.secpod.oval:def:501783 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this fl ... oval:org.secpod.oval:def:501782 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this fl ... oval:org.secpod.oval:def:203805 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way connection signing was implemented by Samba. A rem ... oval:org.secpod.oval:def:1501396 The SMB1 implementation in smbd in Samba allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. oval:org.secpod.oval:def:1501397 The SMB1 implementation in smbd in Samba allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. oval:org.secpod.oval:def:1501395 The SMB1 implementation in smbd in Samba allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. oval:org.secpod.oval:def:1600334 A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. oval:org.secpod.oval:def:1800418 CVE-2015-7560 Incorrect ACL get/set allowed on symlink path. All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable toa malicious client overwriting the ownership of ACLs using symlinks. An authenticated malicious client can use SMB1 UNIX extensions to create a symlink to a file or di ... oval:org.secpod.oval:def:203808 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. ... oval:org.secpod.oval:def:204654 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that Samba always requested forwardable tickets when using Kerberos authenti ... oval:org.secpod.oval:def:204672 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ... oval:org.secpod.oval:def:204558 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that samba did not enforce "SMB signing" when certain configuratio ... oval:org.secpod.oval:def:204559 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ... oval:org.secpod.oval:def:204843 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Null pointer indirection in printer server process For mor ... oval:org.secpod.oval:def:204846 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * samba: Null pointer indirection in printer server process For more details about the sec ... oval:org.secpod.oval:def:204711 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ... oval:org.secpod.oval:def:116249 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:111783 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:111857 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:602323 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3223 Thilo Uttendorfer of Linux Information Systems AG discovered that a malicious request can cause th ... oval:org.secpod.oval:def:1800112 CVE-2015-3223: libldb: Remote DoS in Samba LDAP server. All versions of Samba from 4.0.0 to 4.3.2 inclusive are vulnerable to a denial of service attack in the samba daemon LDAP server. Fixed In Version: ldb 1.1.24 CVE-2015-5252: Insufficient symlink verification in smbd. All versions of Samba from ... oval:org.secpod.oval:def:1500668 Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1501305 A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. oval:org.secpod.oval:def:501745 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. ... oval:org.secpod.oval:def:501747 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by ... oval:org.secpod.oval:def:501748 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. ... oval:org.secpod.oval:def:109963 A library that implements a trivial database. oval:org.secpod.oval:def:109984 A library that implements a hierarchical allocator with destructors. oval:org.secpod.oval:def:109810 An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases. oval:org.secpod.oval:def:109812 Tevent is an event system based on the talloc memory management library. Tevent has support for many event types, including timers, signals, and the classic file descriptor events. Tevent also provide helpers to deal with asynchronous code providing the tevent_req functions. oval:org.secpod.oval:def:109933 An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases. oval:org.secpod.oval:def:109816 A library that implements a hierarchical allocator with destructors. oval:org.secpod.oval:def:1600354 A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba s ... oval:org.secpod.oval:def:109953 Tevent is an event system based on the talloc memory management library. Tevent has support for many event types, including timers, signals, and the classic file descriptor events. Tevent also provide helpers to deal with asynchronous code providing the tevent_req functions. oval:org.secpod.oval:def:109821 A library that implements a trivial database. oval:org.secpod.oval:def:1501302 Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. oval:org.secpod.oval:def:1501308 Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. oval:org.secpod.oval:def:1501295 A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of m ... oval:org.secpod.oval:def:1501296 A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of m ... oval:org.secpod.oval:def:109830 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:109949 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:1600377 A denial of service flaw was found in the ldb_wildcard_compare function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb , would cause that application to consume an excessive amount of memory and crash.A memory-read flaw was foun ... oval:org.secpod.oval:def:602420 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7560 Jeremy Allison of Google, Inc. and the Samba Team discovered that Samba incorrectly handles gettin ... oval:org.secpod.oval:def:1500439 Updated samba4 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1500317 Updated samba4 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:600957 Jann Horn had reported two vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect to SWAT, the Samba Web Administration Tool. CVE-2013-0213: Clickjacking issue in SWAT An attacker can integrate a SWAT page into a malicio ... oval:org.secpod.oval:def:33379 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:1500335 Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed sev ... oval:org.secpod.oval:def:1500339 Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:106527 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:1500341 Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed sev ... oval:org.secpod.oval:def:107173 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:701514 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:106072 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:1300212 A vulnerability has been found and corrected in samba: Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service via a malformed packet . The updated packages ... oval:org.secpod.oval:def:701621 samba: SMB/CIFS file, print, and login server for Unix Samba did not properly enforce the password guessing protection mechanism. oval:org.secpod.oval:def:302997 Multiple vulnerabilities has been found and corrected in samba : The Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a FRAME or IFRAME element . Cross-site request forgery vulnerabilit ... oval:org.secpod.oval:def:601969 Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection. oval:org.secpod.oval:def:26420 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:203564 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ... oval:org.secpod.oval:def:203563 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ... oval:org.secpod.oval:def:203562 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ... oval:org.secpod.oval:def:26422 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:203561 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ... oval:org.secpod.oval:def:26421 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:601164 Two security issues were found in Samba, a SMB/CIFS file, print, and login server: CVE-2013-4408 It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code. CVE-2013-4475 Hemanth Thummala discovered that ACLs were not checked whe ... oval:org.secpod.oval:def:104644 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:1500406 Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:107107 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:106259 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:107340 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:1500414 Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed seve ... oval:org.secpod.oval:def:203300 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ... oval:org.secpod.oval:def:501501 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon . A malicious Samba client could send spe ... oval:org.secpod.oval:def:501502 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon . A malicious Samba client could send spe ... oval:org.secpod.oval:def:1500420 Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed seve ... oval:org.secpod.oval:def:501505 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon . A malicious Samba client could send spe ... oval:org.secpod.oval:def:501504 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon . A malicious Samba client could send spe ... oval:org.secpod.oval:def:1500303 Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give det ... oval:org.secpod.oval:def:108451 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:106156 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:108454 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:104609 Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information . The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This pac ... oval:org.secpod.oval:def:106104 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:106583 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:1500607 Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed seve ... oval:org.secpod.oval:def:1300157 Multiple vulnerabilities has been found and corrected in samba : The Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a FRAME or IFRAME element . Cross-site request forgery vulnerabilit ... oval:org.secpod.oval:def:203351 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ... oval:org.secpod.oval:def:501132 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ... oval:org.secpod.oval:def:203354 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ... oval:org.secpod.oval:def:501136 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An integer overflow flaw was found in the way Samba handled an Extended Attribute list provided by a cli ... oval:org.secpod.oval:def:1500610 Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed seve ... oval:org.secpod.oval:def:104629 Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information . The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This pac ... oval:org.secpod.oval:def:203225 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ... oval:org.secpod.oval:def:203228 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ... oval:org.secpod.oval:def:203349 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ... oval:org.secpod.oval:def:104620 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:107323 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:501152 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ... oval:org.secpod.oval:def:501154 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ... oval:org.secpod.oval:def:203215 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ... oval:org.secpod.oval:def:52413 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator if it received specially crafted network traffic. oval:org.secpod.oval:def:105824 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:1500912 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ... oval:org.secpod.oval:def:1500914 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ... oval:org.secpod.oval:def:1500913 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ... oval:org.secpod.oval:def:1500915 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ... oval:org.secpod.oval:def:501203 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ... oval:org.secpod.oval:def:702429 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator if it received specially crafted network traffic. oval:org.secpod.oval:def:501331 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ... oval:org.secpod.oval:def:501333 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ... oval:org.secpod.oval:def:202984 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ... oval:org.secpod.oval:def:501214 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ... oval:org.secpod.oval:def:202987 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ... oval:org.secpod.oval:def:202986 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ... oval:org.secpod.oval:def:105350 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:702089 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:203381 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba"s NetBIOS message block daemon . An attacker on the ... oval:org.secpod.oval:def:501222 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ... oval:org.secpod.oval:def:1500266 Updated samba3x packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:501356 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba"s NetBIOS message block daemon . An attacker on the ... oval:org.secpod.oval:def:501355 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba"s NetBIOS message block daemon . An attacker on the ... oval:org.secpod.oval:def:701426 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to hang if it received specially crafted network traffic. oval:org.secpod.oval:def:400809 Samba was updated to the 4.2.x codestream, bringing some new features and security fixes . These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks . - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication . - CVE-2 ... oval:org.secpod.oval:def:1800252 All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to corr ... oval:org.secpod.oval:def:203891 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A protocol flaw, publicly referred to as Badlock, was found in the ... oval:org.secpod.oval:def:400699 samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks . - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication . - CVE-2016-2111: Domain controller netlogon member ... oval:org.secpod.oval:def:110394 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:110395 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:203904 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * Multiple flaws were found in Samba"s DCE/RPC protocol implementation. A remote, authentic ... oval:org.secpod.oval:def:703053 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:502178 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A protocol flaw, publicly referred to as Badlock, was found in the ... oval:org.secpod.oval:def:1501428 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ... oval:org.secpod.oval:def:1501429 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ... oval:org.secpod.oval:def:1501430 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ... oval:org.secpod.oval:def:1501431 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ... oval:org.secpod.oval:def:1501432 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ... oval:org.secpod.oval:def:602466 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial ... oval:org.secpod.oval:def:501803 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ... oval:org.secpod.oval:def:501805 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * Multiple flaws were found in Samba"s DCE/RPC protocol implementati ... oval:org.secpod.oval:def:703086 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ... oval:org.secpod.oval:def:703085 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ... oval:org.secpod.oval:def:1600365 Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server or, possibly, execute arbitrary code with the permissions of the user running Samba . This flaw could also be used ... oval:org.secpod.oval:def:703066 libsoup2.4: HTTP client/server library for GNOME Details: USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Original advisory This update fixes ... oval:org.secpod.oval:def:602527 The upgrade to Samba 4.2 issued as DSA-3548-1 introduced several upstream regressions and as well a packaging regression causing errors on upgrading the packages. Updated packages are now available to address these problems. oval:org.secpod.oval:def:703130 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Original advisory USN-2950-1 introduced a regression in Sa ... oval:org.secpod.oval:def:501853 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-midd ... oval:org.secpod.oval:def:1501866 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:501996 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ... oval:org.secpod.oval:def:1501802 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when us ... oval:org.secpod.oval:def:1501814 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that Samba always requested forwardable tickets when using Kerberos authentica ... oval:org.secpod.oval:def:502005 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that Samba always requested forwardable tickets when using Kerberos authenti ... oval:org.secpod.oval:def:1600702 A remote code execution flaw was found in Samba. A malicious authenticatedsamba client, having write access to the samba share, could use this flaw toexecute arbitrary code as root. It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Sa ... oval:org.secpod.oval:def:703289 samba: SMB/CIFS file, print, and login server for Unix Samba could be tricked into connecting to impersonated servers. oval:org.secpod.oval:def:1502067 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:51938 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:1502070 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502196 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ... oval:org.secpod.oval:def:113296 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:703808 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network. oval:org.secpod.oval:def:1502023 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502139 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ... oval:org.secpod.oval:def:1502024 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:113589 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:502140 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that samba did not enforce "SMB signing" when certain configuratio ... oval:org.secpod.oval:def:502141 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that samba did not enforce "SMB signing" wh ... oval:org.secpod.oval:def:1501983 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600789 Server memory information leak over SMB1:An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be c ... oval:org.secpod.oval:def:113256 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:1501873 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501874 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501872 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1800605 All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to corr ... oval:org.secpod.oval:def:603114 Multiple security issues have been discoverd in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encr ... oval:org.secpod.oval:def:502040 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A remote code execution flaw was found in Samba. A malicious authenticated samba client, ... oval:org.secpod.oval:def:1501882 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:113679 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:1800460 CVE-2017-14746: Use-after-free vulnerability. Affected Versions All versions of Samba from 4.0.0 onwards. Fixed In Samba 4.7.3, 4.6.11 and 4.5.15 oval:org.secpod.oval:def:1800581 CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15 oval:org.secpod.oval:def:51898 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network. oval:org.secpod.oval:def:1800466 CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15 oval:org.secpod.oval:def:1800693 All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload ashared library to a writable share, and then cause the server to load and execute it. Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to corre ... oval:org.secpod.oval:def:703891 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:53194 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ... oval:org.secpod.oval:def:1502015 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:602897 steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share, can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it. oval:org.secpod.oval:def:112420 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:1800303 CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions samba 3.0.25 to 4.6.7 Fixed in samba 4.6.8, 4.5.14 and 4.4.16 oval:org.secpod.oval:def:603183 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ... oval:org.secpod.oval:def:112412 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:53143 Multiple security issues have been discoverd in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encr ... oval:org.secpod.oval:def:703619 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator. oval:org.secpod.oval:def:113525 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:502200 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ... oval:org.secpod.oval:def:603308 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ... oval:org.secpod.oval:def:704008 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:205139 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba . Se ... oval:org.secpod.oval:def:52009 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:114138 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:114134 An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases. oval:org.secpod.oval:def:114990 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:1502253 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502259 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:114150 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:502318 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Null pointer indirection in printer server process For mor ... oval:org.secpod.oval:def:53272 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ... oval:org.secpod.oval:def:502320 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * samba: Null pointer indirection in printer server process For more details about the sec ... oval:org.secpod.oval:def:1700107 A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash.A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server coul ... oval:org.secpod.oval:def:115595 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:115591 Samba is the standard Windows interoperability suite of programs for Linux and Unix. oval:org.secpod.oval:def:51170 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:603576 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-14629 Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME ... oval:org.secpod.oval:def:704400 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:704878 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to create files in unexpected locations. oval:org.secpod.oval:def:603845 Michael Hanselmann discovered that Samba, a SMB/CIFS file, print, and login server for Unix, was vulnerable to a symlink traversal attack. It would allow remote authenticated users with write permission to either write or detect files outside of Samba shares. oval:org.secpod.oval:def:1800189 A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data. Affected versions: All versions between Samba 4.0.0 and 4.6.6/4.5.12/4.4.15 oval:org.secpod.oval:def:703701 samba: SMB/CIFS file, print, and login server for Unix Samba could allow unintended access to network services. oval:org.secpod.oval:def:1800731 Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus" Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket the KDC-REP service name must be obtained from the encrypted version stored i ... oval:org.secpod.oval:def:703702 heimdal: Heimdal Kerberos Network Authentication Protocol Heimdal could allow unintended access to network services. oval:org.secpod.oval:def:1800889 Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus" Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket the KDC-REP service name must be obtained from the encrypted version stored i ... oval:org.secpod.oval:def:1800507 Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus" Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket the KDC-REP service name must be obtained from the encrypted version stored i ... oval:org.secpod.oval:def:112635 Kerberos 5 is a network authentication and single sign-on system. Heimdal is a free Kerberos 5 implementation without export restrictions written from the spec including advanced features like thread safety, IPv6, master-slave replication of Kerberos Key Distribution Center server and support for t ... oval:org.secpod.oval:def:51844 heimdal: Heimdal Kerberos Network Authentication Protocol Heimdal could allow unintended access to network services. oval:org.secpod.oval:def:51843 samba: SMB/CIFS file, print, and login server for Unix Samba could allow unintended access to network services. oval:org.secpod.oval:def:53097 Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext , rather than the authenticated and encrypted KDC response. A man-in-the-middle attacker ... oval:org.secpod.oval:def:53096 Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus" Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center component and could be used by an atta ... oval:org.secpod.oval:def:1800288 Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus" Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket the KDC-REP service name must be obtained from the encrypted version stored i ... oval:org.secpod.oval:def:603000 Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext , rather than the authenticated and encrypted KDC response. A man-in-the-middle attacker ... oval:org.secpod.oval:def:1800842 A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data. Affected versions: All versions between Samba 4.0.0 and 4.6.6/4.5.12/4.4.15 oval:org.secpod.oval:def:602999 Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus" Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center component and could be used by an atta ... oval:org.secpod.oval:def:42227 The host is installed with Apple Mac OS X 10.8 before 10.13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle a validation issue, that existed in the handling of the KDC-REP service name. Successful exploitation could allow attackers in a privi ... oval:org.secpod.oval:def:1800531 A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data. Affected versions All versions between Samba 4.0.0 and 4.6.6/4.5.12/4.4.15 oval:org.secpod.oval:def:112682 Kerberos 5 is a network authentication and single sign-on system. Heimdal is a free Kerberos 5 implementation without export restrictions written from the spec including advanced features like thread safety, IPv6, master-slave replication of Kerberos Key Distribution Center server and support for t ... oval:org.secpod.oval:def:602704 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-2119 Stefan Metzmacher discovered that client-side SMB2/3 required signing can be downgraded, allowing ... oval:org.secpod.oval:def:703405 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:1800437 CVE-2016-2123: NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability. Affected versions: Samba 4.0.0 to 4.5.2 Fixed in: Samba 4.5.3, 4.4.8 and 4.3.13 oval:org.secpod.oval:def:42214 The host is missing a security update according to Apple advisory, APPLE-SA-2017-09-25-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... |
