Vulnerabilities (CVE)

Filtered by vendor Samba Subscribe
Total 230 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4572 1 Samba 1 Samba 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.
CVE-2007-2446 1 Samba 1 Samba 2025-04-09 10.0 HIGH N/A
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
CVE-2008-3789 1 Samba 1 Samba 2025-04-09 2.1 LOW N/A
Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.
CVE-2009-1886 1 Samba 1 Samba 2025-04-09 9.3 HIGH N/A
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
CVE-2007-2444 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2025-04-09 7.2 HIGH N/A
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
CVE-2008-1105 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2025-04-09 7.5 HIGH N/A
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
CVE-2008-1720 1 Samba 1 Rsync 2025-04-09 7.5 HIGH N/A
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2009-2906 2 Canonical, Samba 2 Ubuntu Linux, Samba 2025-04-09 4.0 MEDIUM N/A
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
CVE-2007-0453 1 Samba 1 Samba 2025-04-09 4.6 MEDIUM N/A
Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.
CVE-2009-2948 1 Samba 1 Samba 2025-04-09 1.9 LOW N/A
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
CVE-2007-0454 3 Debian, Mandrakesoft, Samba 5 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more 2025-04-09 7.5 HIGH N/A
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
CVE-2007-6015 1 Samba 1 Samba 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
CVE-2022-3592 2 Fedoraproject, Samba 2 Fedora, Samba 2025-04-08 N/A 6.5 MEDIUM
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
CVE-2004-0600 2 Samba, Trustix 2 Samba, Secure Linux 2025-04-03 10.0 HIGH N/A
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
CVE-2004-0686 2 Samba, Trustix 2 Samba, Secure Linux 2025-04-03 5.0 MEDIUM N/A
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
CVE-2004-2546 2 Samba, Trustix 2 Samba, Secure Linux 2025-04-03 6.4 MEDIUM N/A
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
CVE-2003-0085 2 Hp, Samba 2 Cifs-9000 Server, Samba 2025-04-03 10.0 HIGH N/A
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
CVE-2003-0201 6 Apple, Compaq, Hp and 3 more 8 Mac Os X, Tru64, Cifs-9000 Server and 5 more 2025-04-03 10.0 HIGH N/A
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
CVE-2000-0938 1 Samba 1 Samba 2025-04-03 5.0 MEDIUM N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.
CVE-2001-0406 1 Samba 1 Samba 2025-04-03 2.1 LOW N/A
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.