ALT-PU-2015-1196-1

Package update samba in branch sisyphus

Version: 4.1.17-alt1
Published: 2015-02-23
Max severity: CRITICAL

Closed issues (4)

BDU:2015-10377
CRITICAL 10.0

Vulnerability in the _netr_ServerPasswordSet function of the Samba networking software suite that allows an attacker to execute arbitrary code with administrator privileges

Published: 2016-07-07
Modified: 2021-03-29
CVSS 3.x: CRITICAL 10.0
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0: CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2021-01300
HIGH 8.0

Vulnerability in the Active Directory Domain Controller (AD DC) configuration of the Samba networking software suite, related to a flaw in the privilege control mechanism and access controls, that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service

Published: 2021-03-15
Modified: 2021-03-29
CVSS 3.x: HIGH 8.0
CVSS:3.x/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0: HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:C
References
CVE-2014-8143
HIGH 8.5

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.

Published: 2015-01-17
Modified: 2025-04-12
CVSS 2.0: HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:C
CVE-2015-0240
CRITICAL 10.0

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

Published: 2015-02-24
Modified: 2025-05-09
CVSS 2.0: CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C