Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
Max CVSS: 7.5
EPSS Score: 91.59%
Published: 2017-11-27
Updated: 2022-08-29
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
Max CVSS: 9.8
EPSS Score: 77.32%
Published: 2017-11-27
Updated: 2022-08-16
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
Max CVSS: 8.1
EPSS Score: 4.70%
Published: 2017-07-13
Updated: 2020-08-18
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
Max CVSS: 6.8
EPSS Score: 0.86%
Published: 2017-06-06
Updated: 2019-10-03
CVE-2017-7494
Known exploited
Public exploit
Used for ransomware
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Max CVSS: 10.0
EPSS Score: 97.26%
Published: 2017-05-30
Updated: 2022-08-16
CISA KEV Added: 2023-03-30
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
Max CVSS: 6.5
EPSS Score: 0.44%
Published: 2017-05-11
Updated: 2022-08-29
6 vulnerabilities found