MEDIUM6.8
Уязвимость файловой системы Samba, позволяющая нарушителю подменить протоколы SMB2 и SMB3 серверов
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PReferences
Severity:
Closed issues (27)
CRITICAL9.8
Уязвимость сетевой файловой системы Samba, позволяющая выполнить произвольный код
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CHIGH7.5
Уязвимость пакета программ сетевого взаимодействия Samba, связанная с отсутствием проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
HIGH7.4
Уязвимость сервера LDAP пакета программ сетевого взаимодействия Samba, позволяющая нарушителю изменять пароли других пользователей
CVSS 3.xHIGH 7.4
CVSS:3.x/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 9.0
CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:CReferences
HIGH7.4
Уязвимость пакета программ для сетевого взаимодействия Samba, связанная с отсутствием подписи SMB-трафика, позволяющая нарушителю реализовать атаку «человек посередине»
CVSS 3.xHIGH 7.4
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NCVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:NReferences
HIGH7.4
Уязвимость пакета программ для сетевого взаимодействия Samba, связанная с отсутствием требования подписи и шифрования SMB-трафика при использовании перенаправлений DFS, позволяющая нарушителю реализовать атаку «человек посередине»
CVSS 3.xHIGH 7.4
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NCVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:NReferences
HIGH8.8
Уязвимость парсера ndr_pull_dnsp_name пакета программ сетевого взаимодействия Samba, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0MEDIUM 6.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:PReferences
HIGH7.5
Уязвимость пакета программ сетевого взаимодействия Samba, связанная с одновременным выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0MEDIUM 6.0
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:PReferences
CRITICAL9.8
Уязвимость реализации протокола SMB1 пакета программ сетевого взаимодействия Samba, связанная с использованием области памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
HIGH8.1
Уязвимость функции _krb5_extract_ticket() пакета программ сетевого взаимодействия Samba, связанная с недостатком механизма проверки подлинности данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xHIGH 8.1
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PReferences
MEDIUM6.5
Уязвимость реализации протокола Kerberos пакета программ сетевого взаимодействия Samba, связанная с недостатком механизма контроля привилегий и средств управления доступом, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:PReferences
HIGH7.1
Уязвимость реализации протокола SMB1 пакета программ сетевого взаимодействия Samba, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
CVSS 3.xHIGH 7.1
CVSS:3.x/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NCVSS 2.0MEDIUM 4.8
CVSS:2.0/AV:A/AC:L/Au:N/C:P/I:P/A:NReferences
HIGH7.5
Уязвимость пакета программ сетевого взаимодействия Samba, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NCVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NReferences
HIGH7.5
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00060.html
- http://rhn.redhat.com/errata/RHSA-2016-1486.html
- http://rhn.redhat.com/errata/RHSA-2016-1487.html
- http://rhn.redhat.com/errata/RHSA-2016-1494.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/91700
- http://www.securitytracker.com/id/1036244
- https://security.gentoo.org/glsa/201805-07
- https://www.samba.org/samba/security/CVE-2016-2119.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00060.html
- http://rhn.redhat.com/errata/RHSA-2016-1486.html
- http://rhn.redhat.com/errata/RHSA-2016-1487.html
- http://rhn.redhat.com/errata/RHSA-2016-1494.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/91700
- http://www.securitytracker.com/id/1036244
- https://security.gentoo.org/glsa/201805-07
- https://www.samba.org/samba/security/CVE-2016-2119.html
HIGH8.8
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.
CVSS 2.0MEDIUM 6.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:PCVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
- http://www.securityfocus.com/bid/94970
- http://www.securitytracker.com/id/1037493
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123
- https://www.samba.org/samba/security/CVE-2016-2123.html
- http://www.securityfocus.com/bid/94970
- http://www.securitytracker.com/id/1037493
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2123
- https://www.samba.org/samba/security/CVE-2016-2123.html
MEDIUM6.5
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
CVSS 2.0LOW 3.3
CVSS:2.0/AV:A/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
- http://rhn.redhat.com/errata/RHSA-2017-0494.html
- http://rhn.redhat.com/errata/RHSA-2017-0495.html
- http://rhn.redhat.com/errata/RHSA-2017-0662.html
- http://rhn.redhat.com/errata/RHSA-2017-0744.html
- http://www.securityfocus.com/bid/94988
- http://www.securitytracker.com/id/1037494
- https://access.redhat.com/errata/RHSA-2017:1265
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125
- https://www.samba.org/samba/security/CVE-2016-2125.html
- http://rhn.redhat.com/errata/RHSA-2017-0494.html
- http://rhn.redhat.com/errata/RHSA-2017-0495.html
- http://rhn.redhat.com/errata/RHSA-2017-0662.html
- http://rhn.redhat.com/errata/RHSA-2017-0744.html
- http://www.securityfocus.com/bid/94988
- http://www.securitytracker.com/id/1037494
- https://access.redhat.com/errata/RHSA-2017:1265
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125
- https://www.samba.org/samba/security/CVE-2016-2125.html
MEDIUM6.5
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HReferences
- http://rhn.redhat.com/errata/RHSA-2017-0494.html
- http://rhn.redhat.com/errata/RHSA-2017-0495.html
- http://rhn.redhat.com/errata/RHSA-2017-0662.html
- http://rhn.redhat.com/errata/RHSA-2017-0744.html
- http://www.securityfocus.com/bid/94994
- http://www.securitytracker.com/id/1037495
- https://access.redhat.com/errata/RHSA-2017:1265
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730
- https://www.samba.org/samba/security/CVE-2016-2126.html
- http://rhn.redhat.com/errata/RHSA-2017-0494.html
- http://rhn.redhat.com/errata/RHSA-2017-0495.html
- http://rhn.redhat.com/errata/RHSA-2017-0662.html
- http://rhn.redhat.com/errata/RHSA-2017-0744.html
- http://www.securityfocus.com/bid/94994
- http://www.securitytracker.com/id/1037495
- https://access.redhat.com/errata/RHSA-2017:1265
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730
- https://www.samba.org/samba/security/CVE-2016-2126.html
HIGH8.1
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://www.debian.org/security/2017/dsa-3912
- http://www.h5l.org/advisories.html?show=2017-07-11
- http://www.securityfocus.com/bid/99551
- http://www.securitytracker.com/id/1038876
- http://www.securitytracker.com/id/1039427
- https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0
- https://support.apple.com/HT208112
- https://support.apple.com/HT208144
- https://support.apple.com/HT208221
- https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc
- https://www.orpheus-lyre.info/
- https://www.samba.org/samba/security/CVE-2017-11103.html
- http://www.debian.org/security/2017/dsa-3912
- http://www.h5l.org/advisories.html?show=2017-07-11
- http://www.securityfocus.com/bid/99551
- http://www.securitytracker.com/id/1038876
- http://www.securitytracker.com/id/1039427
- https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0
- https://support.apple.com/HT208112
- https://support.apple.com/HT208144
- https://support.apple.com/HT208221
- https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc
- https://www.orpheus-lyre.info/
- https://www.samba.org/samba/security/CVE-2017-11103.html
HIGH7.4
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
CVSS 2.0MEDIUM 5.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:NCVSS 3.xHIGH 7.4
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NReferences
- http://www.securityfocus.com/bid/100918
- http://www.securitytracker.com/id/1039401
- https://access.redhat.com/errata/RHSA-2017:2789
- https://access.redhat.com/errata/RHSA-2017:2790
- https://access.redhat.com/errata/RHSA-2017:2791
- https://access.redhat.com/errata/RHSA-2017:2858
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us
- https://security.netapp.com/advisory/ntap-20170921-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://www.debian.org/security/2017/dsa-3983
- https://www.samba.org/samba/security/CVE-2017-12150.html
- http://www.securityfocus.com/bid/100918
- http://www.securitytracker.com/id/1039401
- https://access.redhat.com/errata/RHSA-2017:2789
- https://access.redhat.com/errata/RHSA-2017:2790
- https://access.redhat.com/errata/RHSA-2017:2791
- https://access.redhat.com/errata/RHSA-2017:2858
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us
- https://security.netapp.com/advisory/ntap-20170921-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://www.debian.org/security/2017/dsa-3983
- https://www.samba.org/samba/security/CVE-2017-12150.html
HIGH7.4
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
CVSS 2.0MEDIUM 5.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:NCVSS 3.xHIGH 7.4
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NReferences
- http://www.securityfocus.com/bid/100917
- http://www.securitytracker.com/id/1039401
- https://access.redhat.com/errata/RHSA-2017:2790
- https://access.redhat.com/errata/RHSA-2017:2858
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151
- https://security.netapp.com/advisory/ntap-20170921-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://www.debian.org/security/2017/dsa-3983
- https://www.samba.org/samba/security/CVE-2017-12151.html
- http://www.securityfocus.com/bid/100917
- http://www.securitytracker.com/id/1039401
- https://access.redhat.com/errata/RHSA-2017:2790
- https://access.redhat.com/errata/RHSA-2017:2858
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151
- https://security.netapp.com/advisory/ntap-20170921-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://www.debian.org/security/2017/dsa-3983
- https://www.samba.org/samba/security/CVE-2017-12151.html
HIGH7.1
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
CVSS 2.0MEDIUM 4.8
CVSS:2.0/AV:A/AC:L/Au:N/C:P/I:P/A:NCVSS 3.xHIGH 7.1
CVSS:3.x/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NReferences
- http://www.securityfocus.com/bid/100925
- http://www.securitytracker.com/id/1039401
- https://access.redhat.com/errata/RHSA-2017:2789
- https://access.redhat.com/errata/RHSA-2017:2790
- https://access.redhat.com/errata/RHSA-2017:2791
- https://access.redhat.com/errata/RHSA-2017:2858
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us
- https://security.netapp.com/advisory/ntap-20170921-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://www.debian.org/security/2017/dsa-3983
- https://www.samba.org/samba/security/CVE-2017-12163.html
- https://www.synology.com/support/security/Synology_SA_17_57_Samba
- http://www.securityfocus.com/bid/100925
- http://www.securitytracker.com/id/1039401
- https://access.redhat.com/errata/RHSA-2017:2789
- https://access.redhat.com/errata/RHSA-2017:2790
- https://access.redhat.com/errata/RHSA-2017:2791
- https://access.redhat.com/errata/RHSA-2017:2858
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us
- https://security.netapp.com/advisory/ntap-20170921-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://www.debian.org/security/2017/dsa-3983
- https://www.samba.org/samba/security/CVE-2017-12163.html
- https://www.synology.com/support/security/Synology_SA_17_57_Samba
CRITICAL9.8
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://www.securityfocus.com/bid/101907
- http://www.securitytracker.com/id/1039856
- http://www.ubuntu.com/usn/USN-3486-1
- https://access.redhat.com/errata/RHSA-2017:3260
- https://access.redhat.com/errata/RHSA-2017:3261
- https://access.redhat.com/errata/RHSA-2017:3278
- https://security.gentoo.org/glsa/201805-07
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://www.debian.org/security/2017/dsa-4043
- https://www.samba.org/samba/security/CVE-2017-14746.html
- https://www.synology.com/support/security/Synology_SA_17_72_Samba
- http://www.securityfocus.com/bid/101907
- http://www.securitytracker.com/id/1039856
- http://www.ubuntu.com/usn/USN-3486-1
- https://access.redhat.com/errata/RHSA-2017:3260
- https://access.redhat.com/errata/RHSA-2017:3261
- https://access.redhat.com/errata/RHSA-2017:3278
- https://security.gentoo.org/glsa/201805-07
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://www.debian.org/security/2017/dsa-4043
- https://www.samba.org/samba/security/CVE-2017-14746.html
- https://www.synology.com/support/security/Synology_SA_17_72_Samba
HIGH7.5
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
- http://www.securityfocus.com/bid/101908
- http://www.securitytracker.com/id/1039855
- http://www.ubuntu.com/usn/USN-3486-1
- http://www.ubuntu.com/usn/USN-3486-2
- https://access.redhat.com/errata/RHSA-2017:3260
- https://access.redhat.com/errata/RHSA-2017:3261
- https://access.redhat.com/errata/RHSA-2017:3278
- https://lists.debian.org/debian-lts-announce/2017/11/msg00029.html
- https://security.gentoo.org/glsa/201805-07
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://www.debian.org/security/2017/dsa-4043
- https://www.samba.org/samba/security/CVE-2017-15275.html
- https://www.synology.com/support/security/Synology_SA_17_72_Samba
- http://www.securityfocus.com/bid/101908
- http://www.securitytracker.com/id/1039855
- http://www.ubuntu.com/usn/USN-3486-1
- http://www.ubuntu.com/usn/USN-3486-2
- https://access.redhat.com/errata/RHSA-2017:3260
- https://access.redhat.com/errata/RHSA-2017:3261
- https://access.redhat.com/errata/RHSA-2017:3278
- https://lists.debian.org/debian-lts-announce/2017/11/msg00029.html
- https://security.gentoo.org/glsa/201805-07
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
- https://www.debian.org/security/2017/dsa-4043
- https://www.samba.org/samba/security/CVE-2017-15275.html
- https://www.synology.com/support/security/Synology_SA_17_72_Samba
HIGH7.5
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
CVSS 2.0MEDIUM 6.0
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
- http://www.securityfocus.com/bid/97033
- http://www.securitytracker.com/id/1038117
- https://access.redhat.com/errata/RHSA-2017:1265
- https://access.redhat.com/errata/RHSA-2017:2338
- https://access.redhat.com/errata/RHSA-2017:2778
- https://access.redhat.com/errata/RHSA-2017:2789
- https://bugzilla.redhat.com/show_bug.cgi?id=1429472
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
- https://www.debian.org/security/2017/dsa-3816
- https://www.exploit-db.com/exploits/41740/
- https://www.samba.org/samba/security/CVE-2017-2619.html
- http://www.securityfocus.com/bid/97033
- http://www.securitytracker.com/id/1038117
- https://access.redhat.com/errata/RHSA-2017:1265
- https://access.redhat.com/errata/RHSA-2017:2338
- https://access.redhat.com/errata/RHSA-2017:2778
- https://access.redhat.com/errata/RHSA-2017:2789
- https://bugzilla.redhat.com/show_bug.cgi?id=1429472
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
- https://www.debian.org/security/2017/dsa-3816
- https://www.exploit-db.com/exploits/41740/
- https://www.samba.org/samba/security/CVE-2017-2619.html
CRITICAL9.8
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://www.debian.org/security/2017/dsa-3860
- http://www.securityfocus.com/bid/98636
- http://www.securitytracker.com/id/1038552
- https://access.redhat.com/errata/RHSA-2017:1270
- https://access.redhat.com/errata/RHSA-2017:1271
- https://access.redhat.com/errata/RHSA-2017:1272
- https://access.redhat.com/errata/RHSA-2017:1273
- https://access.redhat.com/errata/RHSA-2017:1390
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
- https://security.gentoo.org/glsa/201805-07
- https://security.netapp.com/advisory/ntap-20170524-0001/
- https://www.exploit-db.com/exploits/42060/
- https://www.exploit-db.com/exploits/42084/
- https://www.samba.org/samba/security/CVE-2017-7494.html
- http://www.debian.org/security/2017/dsa-3860
- http://www.securityfocus.com/bid/98636
- http://www.securitytracker.com/id/1038552
- https://access.redhat.com/errata/RHSA-2017:1270
- https://access.redhat.com/errata/RHSA-2017:1271
- https://access.redhat.com/errata/RHSA-2017:1272
- https://access.redhat.com/errata/RHSA-2017:1273
- https://access.redhat.com/errata/RHSA-2017:1390
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
- https://security.gentoo.org/glsa/201805-07
- https://security.netapp.com/advisory/ntap-20170524-0001/
- https://www.exploit-db.com/exploits/42060/
- https://www.exploit-db.com/exploits/42084/
- https://www.samba.org/samba/security/CVE-2017-7494.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-7494
MEDIUM4.3
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
CVSS 2.0LOW 3.3
CVSS:2.0/AV:A/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LReferences
- http://www.securityfocus.com/bid/103387
- http://www.securitytracker.com/id/1040493
- https://access.redhat.com/errata/RHSA-2018:1860
- https://access.redhat.com/errata/RHSA-2018:1883
- https://access.redhat.com/errata/RHSA-2018:2612
- https://access.redhat.com/errata/RHSA-2018:2613
- https://access.redhat.com/errata/RHSA-2018:3056
- https://bugzilla.redhat.com/show_bug.cgi?id=1538771
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
- https://security.gentoo.org/glsa/201805-07
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us
- https://usn.ubuntu.com/3595-1/
- https://usn.ubuntu.com/3595-2/
- https://www.debian.org/security/2018/dsa-4135
- https://www.samba.org/samba/security/CVE-2018-1050.html
- http://www.securityfocus.com/bid/103387
- http://www.securitytracker.com/id/1040493
- https://access.redhat.com/errata/RHSA-2018:1860
- https://access.redhat.com/errata/RHSA-2018:1883
- https://access.redhat.com/errata/RHSA-2018:2612
- https://access.redhat.com/errata/RHSA-2018:2613
- https://access.redhat.com/errata/RHSA-2018:3056
- https://bugzilla.redhat.com/show_bug.cgi?id=1538771
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
- https://security.gentoo.org/glsa/201805-07
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us
- https://usn.ubuntu.com/3595-1/
- https://usn.ubuntu.com/3595-2/
- https://www.debian.org/security/2018/dsa-4135
- https://www.samba.org/samba/security/CVE-2018-1050.html
HIGH8.8
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
CVSS 2.0MEDIUM 6.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:PCVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
- http://www.securityfocus.com/bid/103382
- http://www.securitytracker.com/id/1040494
- https://bugzilla.redhat.com/show_bug.cgi?id=1553553
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
- https://security.gentoo.org/glsa/201805-07
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://usn.ubuntu.com/3595-1/
- https://www.debian.org/security/2018/dsa-4135
- https://www.samba.org/samba/security/CVE-2018-1057.html
- https://www.synology.com/support/security/Synology_SA_18_08
- http://www.securityfocus.com/bid/103382
- http://www.securitytracker.com/id/1040494
- https://bugzilla.redhat.com/show_bug.cgi?id=1553553
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
- https://security.gentoo.org/glsa/201805-07
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://usn.ubuntu.com/3595-1/
- https://www.debian.org/security/2018/dsa-4135
- https://www.samba.org/samba/security/CVE-2018-1057.html
- https://www.synology.com/support/security/Synology_SA_18_08