| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-0454 |
264 |
|
|
2013-03-26 |
2013-05-14 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter. |
|
2 |
CVE-2013-0214 |
352 |
|
CSRF |
2013-02-02 |
2013-05-14 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. |
|
3 |
CVE-2013-0213 |
20 |
|
|
2013-02-02 |
2013-05-14 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. |
|
4 |
CVE-2012-1182 |
189 |
|
Exec Code |
2012-04-10 |
2013-01-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. |
|
5 |
CVE-2011-2724 |
20 |
|
DoS |
2011-09-06 |
2011-10-25 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547. |
|
6 |
CVE-2011-2694 |
79 |
|
XSS |
2011-07-29 |
2011-10-03 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page). |
|
7 |
CVE-2011-2522 |
352 |
1
|
CSRF |
2011-07-29 |
2011-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program. |
|
8 |
CVE-2011-1678 |
16 |
|
|
2011-04-09 |
2011-10-25 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. |
|
9 |
CVE-2011-0719 |
119 |
|
DoS Overflow Mem. Corr. |
2011-03-01 |
2011-08-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd. |
|
10 |
CVE-2010-3069 |
119 |
|
DoS Exec Code Overflow |
2010-09-15 |
2011-08-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share. |
|
11 |
CVE-2010-2063 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-06-17 |
2011-08-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. |
|
12 |
CVE-2010-1642 |
119 |
|
DoS Overflow |
2010-06-17 |
2010-07-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. |
|
13 |
CVE-2010-1635 |
|
|
DoS |
2010-06-17 |
2010-07-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. |
|
14 |
CVE-2010-0926 |
22 |
|
Dir. Trav. |
2010-03-10 |
2010-09-09 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. |
|
15 |
CVE-2010-0547 |
20 |
|
DoS |
2010-02-04 |
2013-04-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. |
