samba
CVE-2010-1321 CVE-2010-1168 CVE-2010-1447
- ------------------------------------------------------------------------
1. Summary
ESX 3.5 Console OS (COS) updates for COS packages perl, krb5, samba,
tar, and cpio.
2. Relevant releases
VMware ESX 3.5 without patches ESX350-201008405-SG,
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Samba: Execution of arbitrary code
Date: November 20, 2007
Bugs: #197519
ID: 200711-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================
Ubuntu Security Notice USN-544-2 November 16, 2007
samba regression
CVE-2007-4572, https://launchpad.net/bugs/163042
===========================================================
A security issue affects the following Ubuntu releases:
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0003
Synopsis: Moderate: Updated aacraid driver and samba
~ and python service console updates
Issue date: 2008-02-04
Updated on: 2008-02-04 (initial release of advisory)
CVE numbers: CVE-2007-6015 CVE-2006-7228 CVE-2007-2052
~ CVE-2007-4965 CVE-2007-4308
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 16, 2010
I. BACKGROUND
Samba is an open-source Unix server application used to implement
Windows file sharing and domain controlling functionality. For more
information, please visit: http://www.samba.org
II. DESCRIPTION
===========================================================
Ubuntu Security Notice USN-617-1 June 17, 2008
samba vulnerabilities
CVE-2007-4572, CVE-2008-1105
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.04
===========================================================
Ubuntu Security Notice USN-1075-1 February 28, 2011
samba vulnerability
CVE-2011-0719
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
===========================================================
Ubuntu Security Notice USN-918-1 March 24, 2010
samba vulnerability
CVE-2010-0926
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
===========================================================
Ubuntu Security Notice USN-987-1 September 14, 2010
samba vulnerability
CVE-2010-3069
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02787667
Version: 1
HPSBUX02657 SSRT100460 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-06-16
Last Updated: 2011-06-16
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================
Ubuntu Security Notice USN-544-1 November 16, 2007
samba vulnerabilities
CVE-2007-4572, CVE-2007-5398
===========================================================
A security issue affects the following Ubuntu releases:
===========================================================
Ubuntu Security Notice USN-839-1 October 01, 2009
samba vulnerabilities
CVE-2009-1886, CVE-2009-1888, CVE-2009-2813, CVE-2009-2906,
CVE-2009-2948
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
== Subject: Boundary failure when parsing SMB responses
== can result in a buffer overrun
==
== CVE ID#: CVE-2008-1105
==
== Versions: Samba 3.0.0 - 3.0.29 (inclusive)
==
== Summary: Specifically crafted SMB responses can result
== in a heap overflow in the Samba client code.
== Because the server process, smbd, can itself
== act as a client during operations such as
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02627925
Version: 1
HPSBUX02609 SSRT100147 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-11-24
Last Updated: 2010-11-24
Mandriva Linux Security Advisory MDVSA-2009:320
http://www.mandriva.com/security/
_______________________________________________________________________
Package : samba
Date : December 6, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Samba: Execution of arbitrary code
Date: December 10, 2007
Bugs: #200773
ID: 200712-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
===========================================================
Ubuntu Security Notice USN-556-1 December 18, 2007
samba vulnerability
CVE-2007-6015
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Debian Security Advisory DSA-1409-2 security@debian.org
http://www.debian.org/security/ Steve Kemp
November 26, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : samba
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-4572, CVE-2007-5398
== Subject: Stack buffer overflow in nmbd's logon
== request processing.
==
== CVE ID#: CVE-2007-4572
==
== Versions: Samba 3.0.0 - 3.0.26a (inclusive)
==
== Summary: Processing of specially crafted GETDC
== mailslot requests can result in a buffer
== overrun in nmbd. It is not believed that
== this issue can be exploited to
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03297338
Version: 1
HPSBUX02768 SSRT100664 rev.1 - CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-04-23
Last Updated: 2012-04-23
== domain users using the rfc2307 or sfu
== winbind nss info plugin.
==
== CVE ID#: CVE-2007-4138
==
== Versions: Samba 3.0.25 - 3.0.25c (inclusive)
==
== Summary: When the "winbind nss info" parameter in
== smb.conf is set to either "sfu" or "rfc2307",
== Windows users are incorrectly assigned
== a primary gid of 0 in the absence of the
======================================================================
Secunia Research 15/11/2007
- Samba "reply_netbios_packet()" Buffer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Remote code execution in Samba's WINS
== server daemon (nmbd) when processing name
== registration followed by name query requests.
==
== CVE ID#: CVE-2007-5398
==
Mandriva Linux Security Advisory MDVSA-2009:277
http://www.mandriva.com/security/
_______________________________________________________________________
Package : samba
Date : October 14, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Debian Security Advisory DSA-1409-3 security@debian.org
http://www.debian.org/security/ Steve Kemp
November 29, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : samba
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-4572, CVE-2007-5398
Debian Security Advisory 1409 security@debian.org
http://www.debian.org/security/ Steve Kemp
November 22, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : samba
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-4572, CVE-2007-5398
Debian Security Advisory DSA-1908-1 security@debian.org
http://www.debian.org/security/ Nico Golde
October 14th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : samba
Vulnerability : several
Problem type : local/remote
Debian-specific: no
Debian bug : none
CVE ID : CVE-2009-2948 CVE-2009-2906 CVE-2009-2813
First and foremost I did not know about the configuration setting which
closes the bug when I posted the advisory. So this was my mistake.
But for most servers which are not entirely hardened (and my
assumption is that this applies to many servers in internal networks)
the traversal can be a serious issue, because a samba user (even nobody)
can create the symlinks. It would in my point of view be more secure to
only allow administrators to create symlinks as it is intended.
Again I might be wrong with this thought.
I first audited Windows Server 2008 for the new SMB2 hardlinking
features. Symlinking on a Windows server is possible but only when the
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01475657
Version: 1
HPSBUX02341 SSRT080075 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-06-23
Last Updated: 2008-06-23