Search CVE reports
31 – 40 of 187 results
CVE-2022-32745
Medium priority
Some fixes available 7 of 11
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify request, usually resulting in a segmentation fault.
1 affected package
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Ignored | Needs evaluation |
CVE-2022-32744
Medium priority
Some fixes available 7 of 11
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
1 affected package
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Ignored | Needs evaluation |
CVE-2022-32742
Low priority
Some fixes available 7 of 11
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead...
1 affected package
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Vulnerable | Needs evaluation |
CVE-2022-2031
Medium priority
Some fixes available 7 of 11
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their...
1 affected package
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Ignored | Vulnerable |
CVE-2022-0336
Medium priority
The Samba AD DC includes checks when adding service principal names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification...
1 affected package
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | — | Fixed | Fixed | Not affected | Not affected |
CVE-2021-44142
High priority
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and...
1 affected package
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | — | Fixed | Fixed | Fixed | Fixed |
CVE-2021-44141
Low priority
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with...
1 affected package
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | — | Ignored | Ignored | Ignored | Ignored |
CVE-2021-43566
Low priority
Some fixes available 8 of 12
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1...
1 affected package
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Vulnerable | Needs evaluation |
CVE-2021-3670
Low priority
Some fixes available 2 of 10
MaxQueryDuration not honoured in Samba AD DC LDAP
2 affected packages
ldb, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldb | Not in release | Not affected | Fixed | Vulnerable | Needs evaluation |
samba | Not affected | Not affected | Fixed | Vulnerable | Needs evaluation |
CVE-2021-3738
Medium priority
Some fixes available 6 of 9
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while...
1 affected package
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | — | Fixed | Fixed | Ignored | Ignored |