smbd
CVE-2010-1321 CVE-2010-1168 CVE-2010-1447
- ------------------------------------------------------------------------
1. Summary
ESX 3.5 Console OS (COS) updates for COS packages perl, krb5, samba,
tar, and cpio.
2. Relevant releases
VMware ESX 3.5 without patches ESX350-201008405-SG,
===========================================================
Ubuntu Security Notice USN-839-1 October 01, 2009
samba vulnerabilities
CVE-2009-1886, CVE-2009-1888, CVE-2009-2813, CVE-2009-2906,
CVE-2009-2948
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
== Subject: Boundary failure when parsing SMB responses
== can result in a buffer overrun
==
== CVE ID#: CVE-2008-1105
==
== Versions: Samba 3.0.0 - 3.0.29 (inclusive)
==
== Summary: Specifically crafted SMB responses can result
== in a heap overflow in the Samba client code.
== Because the server process, smbd, can itself
== act as a client during operations such as
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Considering that there are no updates available for Samba on ASUS Eee
PC (it runs a modified version of Samba as far as we know, smb protocol
is only partially supported), and even considering the fact that it is
Linux and not Microsoft Windows (the main reason that made us write this
blog post), we think it is not the same scenario.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Samba: Execution of arbitrary code
Date: November 20, 2007
Bugs: #197519
ID: 200711-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0003
Synopsis: Moderate: Updated aacraid driver and samba
~ and python service console updates
Issue date: 2008-02-04
Updated on: 2008-02-04 (initial release of advisory)
CVE numbers: CVE-2007-6015 CVE-2006-7228 CVE-2007-2052
~ CVE-2007-4965 CVE-2007-4308
Mandriva Linux Security Advisory MDVSA-2009:320
http://www.mandriva.com/security/
_______________________________________________________________________
Package : samba
Date : December 6, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 16, 2010
I. BACKGROUND
Samba is an open-source Unix server application used to implement
Windows file sharing and domain controlling functionality. For more
information, please visit: http://www.samba.org
II. DESCRIPTION
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================
Ubuntu Security Notice USN-544-2 November 16, 2007
samba regression
CVE-2007-4572, https://launchpad.net/bugs/163042
===========================================================
A security issue affects the following Ubuntu releases:
===========================================================
Ubuntu Security Notice USN-987-1 September 14, 2010
samba vulnerability
CVE-2010-3069
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
2362 pts/0 00:00:00 ps
eeepc-rise:/root>
Retrieving the smbd version, we discovered that it runs a vulnerable
version of Samba (Samba lsa_io_trans_names Heap Overflow), which exploit
we published earlier last year.
eeepc-rise:/root> smbd --version
Version 3.0.24
===========================================================
Ubuntu Security Notice USN-918-1 March 24, 2010
samba vulnerability
CVE-2010-0926
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
===========================================================
Ubuntu Security Notice USN-617-1 June 17, 2008
samba vulnerabilities
CVE-2007-4572, CVE-2008-1105
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.04
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================
Ubuntu Security Notice USN-544-1 November 16, 2007
samba vulnerabilities
CVE-2007-4572, CVE-2007-5398
===========================================================
A security issue affects the following Ubuntu releases:
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02627925
Version: 1
HPSBUX02609 SSRT100147 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-11-24
Last Updated: 2010-11-24
===========================================================
Ubuntu Security Notice USN-1075-1 February 28, 2011
samba vulnerability
CVE-2011-0719
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02787667
Version: 1
HPSBUX02657 SSRT100460 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-06-16
Last Updated: 2011-06-16
Mandriva Linux Security Advisory MDVSA-2010:141
http://www.mandriva.com/security/
_______________________________________________________________________
Package : samba
Date : July 27, 2010
Affected: 2010.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:277
http://www.mandriva.com/security/
_______________________________________________________________________
Package : samba
Date : October 14, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Samba: Execution of arbitrary code
Date: December 10, 2007
Bugs: #200773
ID: 200712-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
===========================================================
Ubuntu Security Notice USN-556-1 December 18, 2007
samba vulnerability
CVE-2007-6015
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
== Subject: Stack buffer overflow in nmbd's logon
== request processing.
==
== CVE ID#: CVE-2007-4572
==
== Versions: Samba 3.0.0 - 3.0.26a (inclusive)
==
== Summary: Processing of specially crafted GETDC
== mailslot requests can result in a buffer
== overrun in nmbd. It is not believed that
== this issue can be exploited to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Remote code execution in Samba's WINS
== server daemon (nmbd) when processing name
== registration followed by name query requests.
==
== CVE ID#: CVE-2007-5398
==
======================================================================
Secunia Research 15/11/2007
- Samba "reply_netbios_packet()" Buffer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software
Debian Security Advisory DSA-1409-2 security@debian.org
http://www.debian.org/security/ Steve Kemp
November 26, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : samba
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-4572, CVE-2007-5398
== domain users using the rfc2307 or sfu
== winbind nss info plugin.
==
== CVE ID#: CVE-2007-4138
==
== Versions: Samba 3.0.25 - 3.0.25c (inclusive)
==
== Summary: When the "winbind nss info" parameter in
== smb.conf is set to either "sfu" or "rfc2307",
== Windows users are incorrectly assigned
== a primary gid of 0 in the absence of the
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01377687
Version: 1
HPSBUX02316 SSRT071495 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-03-10
Last Updated: 2008-03-08
Mandriva Linux Security Advisory MDVSA-2009:196
http://www.mandriva.com/security/
_______________________________________________________________________
Package : samba
Date : August 7, 2009
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description: