ALAS-2016-634 ---- sambaID: oval:org.secpod.oval:def:1600354 | Date: (C)2016-05-19 (M)2023-11-13 |
Class: PATCH | Family: unix |
A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path.A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server.A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text.
Platform: |
Amazon Linux AMI |