ALT-PU-2017-1479-1
Closed vulnerabilities
BDU:2016-01705
Уязвимость файловой системы Samba, позволяющая нарушителю подменить протоколы SMB2 и SMB3 серверов
BDU:2021-01274
Уязвимость службы NETLOGON пакета программ сетевого взаимодействия Samba, связанная с недостатках элементов безопасности, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
BDU:2021-01275
Уязвимость функции ncacn_np пакета программ сетевого взаимодействия Samba, связанная с недостатками элементов безопасности, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-01276
Уязвимость реализации DCE/RPC пакета программ сетевого взаимодействия Samba, связанная с раскрытием информации, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-01289
Уязвимость парсера ndr_pull_dnsp_name пакета программ сетевого взаимодействия Samba, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2021-01290
Уязвимость пакета программ сетевого взаимодействия Samba, связанная с недостатками в механизме криптографической защиты, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
BDU:2021-01291
Уязвимость библиотеки LDAP пакета программ сетевого взаимодействия Samba, связанная с недостатках элементов безопасности, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-01292
Уязвимость реализации протокола SMB1 пакета программ сетевого взаимодействия Samba, связанная с недостатками элементов безопасности, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-01294
Уязвимость реализации NTLMSSP пакета программ сетевого взаимодействия Samba, связанная с недостатках элементов безопасности, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2021-01316
Уязвимость протокола MS-SAMR и MS-LSAD пакета программ сетевого взаимодействия Samba, связанная с недостатками элементов безопасности, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2021-01421
Уязвимость пакета программ сетевого взаимодействия Samba, связанная с одновременным выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2021-01425
Уязвимость реализации протокола Kerberos пакета программ сетевого взаимодействия Samba, связанная с недостатком механизма контроля привилегий и средств управления доступом, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2015-5370
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
- http://badlock.org/
- http://badlock.org/
- FEDORA-2016-be53260726
- FEDORA-2016-be53260726
- FEDORA-2016-48b3761baa
- FEDORA-2016-48b3761baa
- FEDORA-2016-383fce04e2
- FEDORA-2016-383fce04e2
- SUSE-SU-2016:1022
- SUSE-SU-2016:1022
- SUSE-SU-2016:1023
- SUSE-SU-2016:1023
- SUSE-SU-2016:1024
- SUSE-SU-2016:1024
- openSUSE-SU-2016:1025
- openSUSE-SU-2016:1025
- SUSE-SU-2016:1028
- SUSE-SU-2016:1028
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1107
- openSUSE-SU-2016:1107
- RHSA-2016:0611
- RHSA-2016:0611
- RHSA-2016:0612
- RHSA-2016:0612
- RHSA-2016:0613
- RHSA-2016:0613
- RHSA-2016:0614
- RHSA-2016:0614
- RHSA-2016:0618
- RHSA-2016:0618
- RHSA-2016:0619
- RHSA-2016:0619
- RHSA-2016:0620
- RHSA-2016:0620
- RHSA-2016:0624
- RHSA-2016:0624
- DSA-3548
- DSA-3548
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 1035533
- 1035533
- SSA:2016-106-02
- SSA:2016-106-02
- USN-2950-1
- USN-2950-1
- USN-2950-2
- USN-2950-2
- USN-2950-3
- USN-2950-3
- USN-2950-4
- USN-2950-4
- USN-2950-5
- USN-2950-5
- https://bto.bluecoat.com/security-advisory/sa122
- https://bto.bluecoat.com/security-advisory/sa122
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/security/CVE-2015-5370.html
- https://www.samba.org/samba/security/CVE-2015-5370.html
Modified: 2024-11-21
CVE-2016-2110
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.
- http://badlock.org/
- http://badlock.org/
- FEDORA-2016-be53260726
- FEDORA-2016-be53260726
- FEDORA-2016-48b3761baa
- FEDORA-2016-48b3761baa
- FEDORA-2016-383fce04e2
- FEDORA-2016-383fce04e2
- SUSE-SU-2016:1022
- SUSE-SU-2016:1022
- SUSE-SU-2016:1023
- SUSE-SU-2016:1023
- SUSE-SU-2016:1024
- SUSE-SU-2016:1024
- openSUSE-SU-2016:1025
- openSUSE-SU-2016:1025
- SUSE-SU-2016:1028
- SUSE-SU-2016:1028
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1064
- SUSE-SU-2016:1105
- SUSE-SU-2016:1105
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1107
- openSUSE-SU-2016:1107
- openSUSE-SU-2016:1440
- openSUSE-SU-2016:1440
- RHSA-2016:0611
- RHSA-2016:0611
- RHSA-2016:0612
- RHSA-2016:0612
- RHSA-2016:0613
- RHSA-2016:0613
- RHSA-2016:0614
- RHSA-2016:0614
- RHSA-2016:0618
- RHSA-2016:0618
- RHSA-2016:0619
- RHSA-2016:0619
- RHSA-2016:0620
- RHSA-2016:0620
- RHSA-2016:0621
- RHSA-2016:0621
- RHSA-2016:0623
- RHSA-2016:0623
- RHSA-2016:0624
- RHSA-2016:0624
- RHSA-2016:0625
- RHSA-2016:0625
- DSA-3548
- DSA-3548
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 1035533
- 1035533
- SSA:2016-106-02
- SSA:2016-106-02
- USN-2950-1
- USN-2950-1
- USN-2950-2
- USN-2950-2
- USN-2950-3
- USN-2950-3
- USN-2950-4
- USN-2950-4
- USN-2950-5
- USN-2950-5
- https://bto.bluecoat.com/security-advisory/sa122
- https://bto.bluecoat.com/security-advisory/sa122
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- GLSA-201612-47
- GLSA-201612-47
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/security/CVE-2016-2110.html
- https://www.samba.org/samba/security/CVE-2016-2110.html
Modified: 2024-11-21
CVE-2016-2111
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
- http://badlock.org/
- http://badlock.org/
- FEDORA-2016-be53260726
- FEDORA-2016-be53260726
- FEDORA-2016-48b3761baa
- FEDORA-2016-48b3761baa
- FEDORA-2016-383fce04e2
- FEDORA-2016-383fce04e2
- SUSE-SU-2016:1022
- SUSE-SU-2016:1022
- SUSE-SU-2016:1023
- SUSE-SU-2016:1023
- SUSE-SU-2016:1024
- SUSE-SU-2016:1024
- openSUSE-SU-2016:1025
- openSUSE-SU-2016:1025
- SUSE-SU-2016:1028
- SUSE-SU-2016:1028
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1064
- SUSE-SU-2016:1105
- SUSE-SU-2016:1105
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1107
- openSUSE-SU-2016:1107
- RHSA-2016:0611
- RHSA-2016:0611
- RHSA-2016:0612
- RHSA-2016:0612
- RHSA-2016:0613
- RHSA-2016:0613
- RHSA-2016:0614
- RHSA-2016:0614
- RHSA-2016:0618
- RHSA-2016:0618
- RHSA-2016:0619
- RHSA-2016:0619
- RHSA-2016:0620
- RHSA-2016:0620
- RHSA-2016:0621
- RHSA-2016:0621
- RHSA-2016:0623
- RHSA-2016:0623
- RHSA-2016:0624
- RHSA-2016:0624
- RHSA-2016:0625
- RHSA-2016:0625
- DSA-3548
- DSA-3548
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 1035533
- 1035533
- SSA:2016-106-02
- SSA:2016-106-02
- USN-2950-1
- USN-2950-1
- USN-2950-2
- USN-2950-2
- USN-2950-3
- USN-2950-3
- USN-2950-4
- USN-2950-4
- USN-2950-5
- USN-2950-5
- https://bto.bluecoat.com/security-advisory/sa122
- https://bto.bluecoat.com/security-advisory/sa122
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- GLSA-201612-47
- GLSA-201612-47
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/security/CVE-2016-2111.html
- https://www.samba.org/samba/security/CVE-2016-2111.html
Modified: 2024-11-21
CVE-2016-2112
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
- http://badlock.org/
- http://badlock.org/
- FEDORA-2016-be53260726
- FEDORA-2016-be53260726
- FEDORA-2016-48b3761baa
- FEDORA-2016-48b3761baa
- FEDORA-2016-383fce04e2
- FEDORA-2016-383fce04e2
- SUSE-SU-2016:1022
- SUSE-SU-2016:1022
- SUSE-SU-2016:1023
- SUSE-SU-2016:1023
- SUSE-SU-2016:1024
- SUSE-SU-2016:1024
- openSUSE-SU-2016:1025
- openSUSE-SU-2016:1025
- SUSE-SU-2016:1028
- SUSE-SU-2016:1028
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1107
- openSUSE-SU-2016:1107
- RHSA-2016:0611
- RHSA-2016:0611
- RHSA-2016:0612
- RHSA-2016:0612
- RHSA-2016:0613
- RHSA-2016:0613
- RHSA-2016:0614
- RHSA-2016:0614
- RHSA-2016:0618
- RHSA-2016:0618
- RHSA-2016:0619
- RHSA-2016:0619
- RHSA-2016:0620
- RHSA-2016:0620
- RHSA-2016:0624
- RHSA-2016:0624
- DSA-3548
- DSA-3548
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 1035533
- 1035533
- SSA:2016-106-02
- SSA:2016-106-02
- USN-2950-1
- USN-2950-1
- USN-2950-2
- USN-2950-2
- USN-2950-3
- USN-2950-3
- USN-2950-4
- USN-2950-4
- USN-2950-5
- USN-2950-5
- https://bto.bluecoat.com/security-advisory/sa122
- https://bto.bluecoat.com/security-advisory/sa122
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- GLSA-201612-47
- GLSA-201612-47
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/security/CVE-2016-2112.html
- https://www.samba.org/samba/security/CVE-2016-2112.html
Modified: 2024-11-21
CVE-2016-2113
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.
- http://badlock.org/
- http://badlock.org/
- FEDORA-2016-be53260726
- FEDORA-2016-be53260726
- FEDORA-2016-48b3761baa
- FEDORA-2016-48b3761baa
- FEDORA-2016-383fce04e2
- FEDORA-2016-383fce04e2
- SUSE-SU-2016:1022
- SUSE-SU-2016:1022
- SUSE-SU-2016:1023
- SUSE-SU-2016:1023
- SUSE-SU-2016:1024
- SUSE-SU-2016:1024
- openSUSE-SU-2016:1025
- openSUSE-SU-2016:1025
- SUSE-SU-2016:1028
- SUSE-SU-2016:1028
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1107
- openSUSE-SU-2016:1107
- RHSA-2016:0612
- RHSA-2016:0612
- RHSA-2016:0614
- RHSA-2016:0614
- RHSA-2016:0618
- RHSA-2016:0618
- RHSA-2016:0620
- RHSA-2016:0620
- DSA-3548
- DSA-3548
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 1035533
- 1035533
- SSA:2016-106-02
- SSA:2016-106-02
- USN-2950-1
- USN-2950-1
- USN-2950-2
- USN-2950-2
- USN-2950-3
- USN-2950-3
- USN-2950-4
- USN-2950-4
- USN-2950-5
- USN-2950-5
- https://bto.bluecoat.com/security-advisory/sa122
- https://bto.bluecoat.com/security-advisory/sa122
- GLSA-201612-47
- GLSA-201612-47
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/security/CVE-2016-2113.html
- https://www.samba.org/samba/security/CVE-2016-2113.html
Modified: 2024-11-21
CVE-2016-2114
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.
- http://badlock.org/
- http://badlock.org/
- FEDORA-2016-be53260726
- FEDORA-2016-be53260726
- FEDORA-2016-48b3761baa
- FEDORA-2016-48b3761baa
- FEDORA-2016-383fce04e2
- FEDORA-2016-383fce04e2
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1107
- openSUSE-SU-2016:1107
- RHSA-2016:0612
- RHSA-2016:0612
- RHSA-2016:0614
- RHSA-2016:0614
- RHSA-2016:0618
- RHSA-2016:0618
- RHSA-2016:0620
- RHSA-2016:0620
- DSA-3548
- DSA-3548
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 86011
- 86011
- 1035533
- 1035533
- SSA:2016-106-02
- SSA:2016-106-02
- USN-2950-1
- USN-2950-1
- USN-2950-2
- USN-2950-2
- USN-2950-3
- USN-2950-3
- USN-2950-4
- USN-2950-4
- USN-2950-5
- USN-2950-5
- https://bto.bluecoat.com/security-advisory/sa122
- https://bto.bluecoat.com/security-advisory/sa122
- GLSA-201612-47
- GLSA-201612-47
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/security/CVE-2016-2114.html
- https://www.samba.org/samba/security/CVE-2016-2114.html
Modified: 2024-11-21
CVE-2016-2115
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
- http://badlock.org/
- http://badlock.org/
- FEDORA-2016-be53260726
- FEDORA-2016-be53260726
- FEDORA-2016-48b3761baa
- FEDORA-2016-48b3761baa
- FEDORA-2016-383fce04e2
- FEDORA-2016-383fce04e2
- SUSE-SU-2016:1022
- SUSE-SU-2016:1022
- SUSE-SU-2016:1023
- SUSE-SU-2016:1023
- SUSE-SU-2016:1024
- SUSE-SU-2016:1024
- openSUSE-SU-2016:1025
- openSUSE-SU-2016:1025
- SUSE-SU-2016:1028
- SUSE-SU-2016:1028
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1107
- openSUSE-SU-2016:1107
- RHSA-2016:0611
- RHSA-2016:0611
- RHSA-2016:0612
- RHSA-2016:0612
- RHSA-2016:0613
- RHSA-2016:0613
- RHSA-2016:0614
- RHSA-2016:0614
- RHSA-2016:0618
- RHSA-2016:0618
- RHSA-2016:0619
- RHSA-2016:0619
- RHSA-2016:0620
- RHSA-2016:0620
- RHSA-2016:0624
- RHSA-2016:0624
- DSA-3548
- DSA-3548
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 1035533
- 1035533
- SSA:2016-106-02
- SSA:2016-106-02
- USN-2950-1
- USN-2950-1
- USN-2950-2
- USN-2950-2
- USN-2950-3
- USN-2950-3
- USN-2950-4
- USN-2950-4
- USN-2950-5
- USN-2950-5
- https://bto.bluecoat.com/security-advisory/sa122
- https://bto.bluecoat.com/security-advisory/sa122
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- GLSA-201612-47
- GLSA-201612-47
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/security/CVE-2016-2115.html
- https://www.samba.org/samba/security/CVE-2016-2115.html
Modified: 2024-11-21
CVE-2016-2118
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
- http://badlock.org/
- http://badlock.org/
- FEDORA-2016-be53260726
- FEDORA-2016-be53260726
- FEDORA-2016-48b3761baa
- FEDORA-2016-48b3761baa
- FEDORA-2016-383fce04e2
- FEDORA-2016-383fce04e2
- SUSE-SU-2016:1022
- SUSE-SU-2016:1022
- SUSE-SU-2016:1023
- SUSE-SU-2016:1023
- SUSE-SU-2016:1024
- SUSE-SU-2016:1024
- openSUSE-SU-2016:1025
- openSUSE-SU-2016:1025
- SUSE-SU-2016:1028
- SUSE-SU-2016:1028
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1107
- openSUSE-SU-2016:1107
- RHSA-2016:0611
- RHSA-2016:0611
- RHSA-2016:0612
- RHSA-2016:0612
- RHSA-2016:0613
- RHSA-2016:0613
- RHSA-2016:0614
- RHSA-2016:0614
- RHSA-2016:0618
- RHSA-2016:0618
- RHSA-2016:0619
- RHSA-2016:0619
- RHSA-2016:0620
- RHSA-2016:0620
- RHSA-2016:0621
- RHSA-2016:0621
- RHSA-2016:0623
- RHSA-2016:0623
- RHSA-2016:0624
- RHSA-2016:0624
- RHSA-2016:0625
- RHSA-2016:0625
- DSA-3548
- DSA-3548
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 86002
- 86002
- 1035533
- 1035533
- SSA:2016-106-02
- SSA:2016-106-02
- USN-2950-1
- USN-2950-1
- USN-2950-2
- USN-2950-2
- USN-2950-3
- USN-2950-3
- USN-2950-4
- USN-2950-4
- USN-2950-5
- USN-2950-5
- https://access.redhat.com/security/vulnerabilities/badlock
- https://access.redhat.com/security/vulnerabilities/badlock
- https://bto.bluecoat.com/security-advisory/sa122
- https://bto.bluecoat.com/security-advisory/sa122
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products
- https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196
- GLSA-201612-47
- GLSA-201612-47
- VU#813296
- VU#813296
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/history/samba-4.2.10.html
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/security/CVE-2016-2118.html
- https://www.samba.org/samba/security/CVE-2016-2118.html
Modified: 2024-11-21
CVE-2016-2119
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
- openSUSE-SU-2016:1830
- openSUSE-SU-2016:1830
- RHSA-2016:1486
- RHSA-2016:1486
- RHSA-2016:1487
- RHSA-2016:1487
- RHSA-2016:1494
- RHSA-2016:1494
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 91700
- 91700
- 1036244
- 1036244
- GLSA-201805-07
- GLSA-201805-07
- https://www.samba.org/samba/security/CVE-2016-2119.html
- https://www.samba.org/samba/security/CVE-2016-2119.html
Modified: 2024-11-21
CVE-2016-2123
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.
Modified: 2024-11-21
CVE-2016-2125
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
- RHSA-2017:0494
- RHSA-2017:0494
- RHSA-2017:0495
- RHSA-2017:0495
- RHSA-2017:0662
- RHSA-2017:0662
- RHSA-2017:0744
- RHSA-2017:0744
- 94988
- 94988
- 1037494
- 1037494
- RHSA-2017:1265
- RHSA-2017:1265
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125
- https://www.samba.org/samba/security/CVE-2016-2125.html
- https://www.samba.org/samba/security/CVE-2016-2125.html
Modified: 2024-11-21
CVE-2016-2126
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
- RHSA-2017:0494
- RHSA-2017:0494
- RHSA-2017:0495
- RHSA-2017:0495
- RHSA-2017:0662
- RHSA-2017:0662
- RHSA-2017:0744
- RHSA-2017:0744
- 94994
- 94994
- 1037495
- 1037495
- RHSA-2017:1265
- RHSA-2017:1265
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730
- https://www.samba.org/samba/security/CVE-2016-2126.html
- https://www.samba.org/samba/security/CVE-2016-2126.html
Modified: 2024-11-21
CVE-2017-2619
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
- 97033
- 97033
- 1038117
- 1038117
- RHSA-2017:1265
- RHSA-2017:1265
- RHSA-2017:2338
- RHSA-2017:2338
- RHSA-2017:2778
- RHSA-2017:2778
- RHSA-2017:2789
- RHSA-2017:2789
- https://bugzilla.redhat.com/show_bug.cgi?id=1429472
- https://bugzilla.redhat.com/show_bug.cgi?id=1429472
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
- DSA-3816
- DSA-3816
- 41740
- 41740
- https://www.samba.org/samba/security/CVE-2017-2619.html
- https://www.samba.org/samba/security/CVE-2017-2619.html
Modified: 2024-11-21
CVE-2017-9461
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
- 99455
- 99455
- RHSA-2017:1950
- RHSA-2017:1950
- RHSA-2017:2338
- RHSA-2017:2338
- RHSA-2017:2778
- RHSA-2017:2778
- https://bugs.debian.org/864291
- https://bugs.debian.org/864291
- https://bugzilla.samba.org/show_bug.cgi?id=12572
- https://bugzilla.samba.org/show_bug.cgi?id=12572
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310
- [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
- [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
Closed bugs
[PATCH] исправление работы --without docs