3.0.23d : Security Vulnerabilities

Cpe Name:cpe:/a:samba:samba:3.0.23d

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : Cve Number Descending Cve Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results Select Table

#	CVE ID	CWE ID	# of Exploits	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2013-0454	264			2013-03-26	2013-05-14	4.0	None	Remote	Low	Single system	None	Partial	None
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.
2	CVE-2013-0214	352		CSRF	2013-02-02	2013-05-14	5.1	None	Remote	High	Not required	Partial	Partial	Partial
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
3	CVE-2013-0213	20			2013-02-02	2013-05-14	5.1	None	Remote	High	Not required	Partial	Partial	Partial
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
4	CVE-2012-1182	189		Exec Code	2012-04-10	2013-01-29	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
5	CVE-2011-2724	20		DoS	2011-09-06	2011-10-25	1.2	None	Local	High	Not required	None	None	Partial
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
6	CVE-2011-2694	79		XSS	2011-07-29	2011-10-03	2.6	None	Remote	High	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
7	CVE-2011-2522	352	1	CSRF	2011-07-29	2011-10-03	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
8	CVE-2011-1678	16			2011-04-09	2011-10-25	3.3	None	Local	Medium	Not required	Partial	Partial	None
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
9	CVE-2011-0719	119		DoS Overflow Mem. Corr.	2011-03-01	2011-08-26	5.0	None	Remote	Low	Not required	None	None	Partial
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
10	CVE-2010-3069	119		DoS Exec Code Overflow	2010-09-15	2011-08-26	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
11	CVE-2010-2063	119		DoS Exec Code Overflow Mem. Corr.	2010-06-17	2011-08-26	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.
12	CVE-2010-1642	119		DoS Overflow	2010-06-17	2010-07-30	5.0	None	Remote	Low	Not required	None	None	Partial
The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.
13	CVE-2010-1635			DoS	2010-06-17	2010-07-30	5.0	None	Remote	Low	Not required	None	None	Partial
The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.
14	CVE-2010-0547	20		DoS	2010-02-04	2013-04-18	2.1	None	Local	Low	Not required	None	None	Partial
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.
15	CVE-2009-2948	264			2009-10-07	2010-08-21	1.9	None	Local	Medium	Not required	Partial	None	None
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
16	CVE-2009-2906			DoS	2009-10-07	2010-08-21	4.0	None	Remote	Low	Single system	None	None	Partial
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
17	CVE-2009-2813	264		Bypass	2009-09-14	2012-10-22	6.0	None	Remote	Medium	Single system	Partial	Partial	Partial
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
18	CVE-2009-1888	264			2009-06-24	2010-08-21	5.8	None	Remote	Medium	Not required	Partial	Partial	None
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
19	CVE-2007-6015	119		Exec Code Overflow	2007-12-13	2010-08-21	9.3	Admin	Remote	Medium	Not required	Complete	Complete	Complete
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
20	CVE-2007-5398	119		Exec Code Overflow	2007-11-16	2010-08-21	9.3	Admin	Remote	Medium	Not required	Complete	Complete	Complete
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.
21	CVE-2007-4572	119		Overflow	2007-11-16	2010-08-21	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.
22	CVE-2007-2447			Exec Code	2007-05-14	2010-11-30	6.0	User	Remote	Medium	Single system	Partial	Partial	Partial
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
23	CVE-2007-2446	119		Exec Code Overflow	2007-05-14	2012-10-30	10.0	Admin	Remote	Low	Not required	Complete	Complete	Complete
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
24	CVE-2007-2444			+Priv	2007-05-14	2012-10-30	7.2	Admin	Local	Low	Not required	Complete	Complete	Complete
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
25	CVE-2007-0454			Exec Code	2007-02-05	2010-09-15	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
26	CVE-2007-0453			Exec Code Overflow	2007-02-05	2008-11-15	4.6	User	Local	Low	Not required	Partial	Partial	Partial
Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.
27	CVE-2007-0452			DoS	2007-02-05	2010-09-15	6.8	None	Remote	Low	Single system	None	None	Complete
smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.

Total number of vulnerabilities : 27 Page : 1 (This Page)