Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CERTFR-2025-AVI-0885

Vulnerability from certfr_avis - Published: 2025-10-16 - Updated: 2025-10-16

De multiples vulnérabilités ont été découvertes dans Samba. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Samba	Samba	Samba versions 4.23.x antérieures à 4.23.2
Samba	Samba	Samba versions 4.21.x antérieures à 4.21.9
Samba	Samba	Samba versions 4.22.x antérieures à 4.22.5

References

Title

Publication Time

Tags

Bulletin de sécurité Samba CVE-2025-10230	2025-10-15	vendor-advisory
Bulletin de sécurité Samba CVE-2025-9640	2025-10-15	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Samba versions 4.23.x ant\u00e9rieures \u00e0 4.23.2",
      "product": {
        "name": "Samba",
        "vendor": {
          "name": "Samba",
          "scada": false
        }
      }
    },
    {
      "description": "Samba versions 4.21.x ant\u00e9rieures \u00e0 4.21.9",
      "product": {
        "name": "Samba",
        "vendor": {
          "name": "Samba",
          "scada": false
        }
      }
    },
    {
      "description": "Samba versions 4.22.x ant\u00e9rieures \u00e0 4.22.5",
      "product": {
        "name": "Samba",
        "vendor": {
          "name": "Samba",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-9640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9640"
    },
    {
      "name": "CVE-2025-10230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10230"
    }
  ],
  "initial_release_date": "2025-10-16T00:00:00",
  "last_revision_date": "2025-10-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0885",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Samba. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Samba",
  "vendor_advisories": [
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2025-10230",
      "url": "https://www.samba.org/samba/security/CVE-2025-10230.html"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2025-9640",
      "url": "https://www.samba.org/samba/security/CVE-2025-9640.html"
    }
  ]
}

CVE-2021-44142 (GCVE-0-2021-44142)

Vulnerability from cvelistv5 – Published: 2022-02-21 14:30 – Updated: 2025-04-23 19:02

Summary

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-125 - Out-of-bounds Read
CWE-787 - Out-of-bounds Write

Assigner

redhat

References

URL

Tags

	https://www.samba.org/samba/security/CVE-2021-441…
	https://www.zerodayinitiative.com/blog/2022/2/1/c…
	https://kb.cert.org/vuls/id/119678	third-party-advisory
	https://bugzilla.samba.org/show_bug.cgi?id=14914
	https://security.gentoo.org/glsa/202309-06	vendor-advisory

Impacted products

	Vendor	Product	Version
	Samba	Samba	Affected: unspecified , < 4.13.17 (custom) Affected: unspecified , < 4.14.12 (custom) Affected: unspecified , < 4.15.5 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:17:24.423Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/119678"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2021-44142.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://kb.cert.org/vuls/id/119678"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=14914"
          },
          {
            "name": "GLSA-202309-06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202309-06"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-44142",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:30:59.386639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T19:02:19.767Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samba",
          "vendor": "Samba",
          "versions": [
            {
              "lessThan": "4.13.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.14.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.15.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-01-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide \"...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.\" Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-17T08:06:35.393Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.samba.org/samba/security/CVE-2021-44142.html"
        },
        {
          "url": "https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://kb.cert.org/vuls/id/119678"
        },
        {
          "url": "https://bugzilla.samba.org/show_bug.cgi?id=14914"
        },
        {
          "name": "GLSA-202309-06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202309-06"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-44142",
    "datePublished": "2022-02-21T14:30:12.659Z",
    "dateReserved": "2021-11-22T00:00:00.000Z",
    "dateUpdated": "2025-04-23T19:02:19.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3585 (GCVE-0-2011-3585)

Vulnerability from cvelistv5 – Published: 2019-12-31 19:47 – Updated: 2024-08-06 23:37

Summary

Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.

Severity ?

No CVSS data available.

CWE

General Race Condition

Assigner

redhat

References

URL

Tags

	https://bugzilla.samba.org/show_bug.cgi?id=7179	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=742907	x_refsource_MISC
	https://www.openwall.com/lists/oss-security/2011/…	x_refsource_MISC
	https://www.openwall.com/lists/oss-security/2011/…	x_refsource_MISC
	https://git.samba.org/?p=cifs-utils.git%3Ba=commi…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Samba	Samba	Affected: 3.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:48.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=7179"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742907"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2011/09/27/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2011/09/30/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.samba.org/?p=cifs-utils.git%3Ba=commitdiff%3Bh=810f7e4e0f2dbcbee0294d9b371071cb08268200"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "3.6"
            }
          ]
        }
      ],
      "datePublic": "2010-02-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "General Race Condition",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-31T19:47:07.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.samba.org/show_bug.cgi?id=7179"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742907"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2011/09/27/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2011/09/30/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.samba.org/?p=cifs-utils.git%3Ba=commitdiff%3Bh=810f7e4e0f2dbcbee0294d9b371071cb08268200"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3585",
    "datePublished": "2019-12-31T19:47:07.000Z",
    "dateReserved": "2011-09-21T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:37:48.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10218 (GCVE-0-2019-10218)

Vulnerability from cvelistv5 – Published: 2019-11-06 00:00 – Updated: 2024-08-04 22:17

Summary

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

CWE-22

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…
	https://www.samba.org/samba/security/CVE-2019-102…
	https://www.synology.com/security/advisory/Synolo…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021…	mailing-list
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

	Vendor	Product	Version
	Samba	samba	Affected: all samba versions before samba 4.11.2, 4.10.10 and 4.9.15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:17:19.002Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10218"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-10218.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
          },
          {
            "name": "openSUSE-SU-2019:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
          },
          {
            "name": "FEDORA-2019-57d43f3b58",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/"
          },
          {
            "name": "FEDORA-2019-703e299870",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
          },
          {
            "name": "FEDORA-2019-460ad648e7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
          },
          {
            "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
          },
          {
            "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "all samba versions before samba 4.11.2, 4.10.10 and 4.9.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T16:06:19.599Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10218"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2019-10218.html"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
        },
        {
          "name": "openSUSE-SU-2019:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
        },
        {
          "name": "FEDORA-2019-57d43f3b58",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/"
        },
        {
          "name": "FEDORA-2019-703e299870",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
        },
        {
          "name": "FEDORA-2019-460ad648e7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
        },
        {
          "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
        },
        {
          "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10218",
    "datePublished": "2019-11-06T00:00:00.000Z",
    "dateReserved": "2019-03-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:17:19.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14847 (GCVE-0-2019-14847)

Vulnerability from cvelistv5 – Published: 2019-11-06 00:00 – Updated: 2024-08-05 00:26

Summary

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.

Severity ?

4.9 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…
	https://www.samba.org/samba/security/CVE-2019-148…
	https://www.synology.com/security/advisory/Synolo…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021…	mailing-list
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

	Vendor	Product	Version
	Samba	samba	Affected: samba 4.0.0 before samba 4.9.15, samba 4.10.x before 4.10.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.104Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14847"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-14847.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
          },
          {
            "name": "openSUSE-SU-2019:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
          },
          {
            "name": "FEDORA-2019-703e299870",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
          },
          {
            "name": "FEDORA-2019-460ad648e7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
          },
          {
            "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
          },
          {
            "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "samba 4.0.0 before samba 4.9.15, samba 4.10.x before 4.10.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T16:06:14.311Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14847"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2019-14847.html"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
        },
        {
          "name": "openSUSE-SU-2019:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
        },
        {
          "name": "FEDORA-2019-703e299870",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
        },
        {
          "name": "FEDORA-2019-460ad648e7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
        },
        {
          "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
        },
        {
          "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14847",
    "datePublished": "2019-11-06T00:00:00.000Z",
    "dateReserved": "2019-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:26:39.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14833 (GCVE-0-2019-14833)

Vulnerability from cvelistv5 – Published: 2019-11-06 00:00 – Updated: 2024-08-05 00:26

Summary

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

Severity ?

4.2 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-305

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…
	https://www.samba.org/samba/security/CVE-2019-148…
	https://www.synology.com/security/advisory/Synolo…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021…	mailing-list
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

	Vendor	Product	Version
	Samba	samba	Affected: all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14833"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-14833.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
          },
          {
            "name": "openSUSE-SU-2019:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
          },
          {
            "name": "FEDORA-2019-57d43f3b58",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/"
          },
          {
            "name": "FEDORA-2019-703e299870",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
          },
          {
            "name": "FEDORA-2019-460ad648e7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
          },
          {
            "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
          },
          {
            "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T16:06:23.317Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14833"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2019-14833.html"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
        },
        {
          "name": "openSUSE-SU-2019:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
        },
        {
          "name": "FEDORA-2019-57d43f3b58",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/"
        },
        {
          "name": "FEDORA-2019-703e299870",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
        },
        {
          "name": "FEDORA-2019-460ad648e7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
        },
        {
          "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
        },
        {
          "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14833",
    "datePublished": "2019-11-06T00:00:00.000Z",
    "dateReserved": "2019-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:26:39.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10197 (GCVE-0-2019-10197)

Vulnerability from cvelistv5 – Published: 2019-09-03 14:50 – Updated: 2024-08-04 22:17

Summary

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-22

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://www.samba.org/samba/security/CVE-2019-101…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2019090…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4121-1/	vendor-advisoryx_refsource_UBUNTU
	https://seclists.org/bugtraq/2019/Sep/4	mailing-listx_refsource_BUGTRAQ
	https://www.debian.org/security/2019/dsa-4513	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://support.f5.com/csp/article/K69511801	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K69511801?utm_…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:3253	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:4023	vendor-advisoryx_refsource_REDHAT
	https://security.gentoo.org/glsa/202003-52	vendor-advisoryx_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	SAMBA	samba	Affected: samba 4.9.x up to 4.9.13 Affected: samba 4.10.x up to 4.10.8 Affected: samba 4.11.x up to 4.11.0rc3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:17:18.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-10197.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190903-0001/"
          },
          {
            "name": "USN-4121-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4121-1/"
          },
          {
            "name": "20190904 [SECURITY] [DSA 4513-1] samba security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/4"
          },
          {
            "name": "DSA-4513",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4513"
          },
          {
            "name": "openSUSE-SU-2019:2142",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html"
          },
          {
            "name": "FEDORA-2019-e3e521e5b3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/"
          },
          {
            "name": "FEDORA-2019-eb1e982800",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/"
          },
          {
            "name": "FEDORA-2019-41c7fa478a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K69511801"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K69511801?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "RHSA-2019:3253",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3253"
          },
          {
            "name": "RHSA-2019:4023",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4023"
          },
          {
            "name": "GLSA-202003-52",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-52"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "SAMBA",
          "versions": [
            {
              "status": "affected",
              "version": "samba 4.9.x up to 4.9.13"
            },
            {
              "status": "affected",
              "version": "samba 4.10.x up to 4.10.8"
            },
            {
              "status": "affected",
              "version": "samba 4.11.x up to 4.11.0rc3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-25T18:06:12.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2019-10197.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190903-0001/"
        },
        {
          "name": "USN-4121-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4121-1/"
        },
        {
          "name": "20190904 [SECURITY] [DSA 4513-1] samba security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/4"
        },
        {
          "name": "DSA-4513",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4513"
        },
        {
          "name": "openSUSE-SU-2019:2142",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html"
        },
        {
          "name": "FEDORA-2019-e3e521e5b3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/"
        },
        {
          "name": "FEDORA-2019-eb1e982800",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/"
        },
        {
          "name": "FEDORA-2019-41c7fa478a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K69511801"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K69511801?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "RHSA-2019:3253",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3253"
        },
        {
          "name": "RHSA-2019:4023",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4023"
        },
        {
          "name": "GLSA-202003-52",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-52"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10197",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "samba",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "samba 4.9.x up to 4.9.13"
                          },
                          {
                            "version_value": "samba 4.10.x up to 4.10.8"
                          },
                          {
                            "version_value": "samba 4.11.x up to 4.11.0rc3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAMBA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197"
            },
            {
              "name": "https://www.samba.org/samba/security/CVE-2019-10197.html",
              "refsource": "MISC",
              "url": "https://www.samba.org/samba/security/CVE-2019-10197.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190903-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190903-0001/"
            },
            {
              "name": "USN-4121-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4121-1/"
            },
            {
              "name": "20190904 [SECURITY] [DSA 4513-1] samba security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Sep/4"
            },
            {
              "name": "DSA-4513",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4513"
            },
            {
              "name": "openSUSE-SU-2019:2142",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html"
            },
            {
              "name": "FEDORA-2019-e3e521e5b3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/"
            },
            {
              "name": "FEDORA-2019-eb1e982800",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/"
            },
            {
              "name": "FEDORA-2019-41c7fa478a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/"
            },
            {
              "name": "https://support.f5.com/csp/article/K69511801",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K69511801"
            },
            {
              "name": "https://support.f5.com/csp/article/K69511801?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K69511801?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "RHSA-2019:3253",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3253"
            },
            {
              "name": "RHSA-2019:4023",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4023"
            },
            {
              "name": "GLSA-202003-52",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-52"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10197",
    "datePublished": "2019-09-03T14:50:27.000Z",
    "dateReserved": "2019-03-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:17:18.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16860 (GCVE-0-2018-16860)

Vulnerability from cvelistv5 – Published: 2019-07-31 14:38 – Updated: 2024-08-05 10:32

Summary

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-358

Assigner

redhat

References

URL

Tags

	https://www.synology.com/security/advisory/Synolo…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://www.samba.org/samba/security/CVE-2018-168…	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Aug/25	mailing-listx_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Aug/22	mailing-listx_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Aug/23	mailing-listx_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Aug/21	mailing-listx_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://seclists.org/fulldisclosure/2019/Aug/14	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Aug/11	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Aug/13	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Aug/15	mailing-listx_refsource_FULLDISC
	https://support.apple.com/HT210346	x_refsource_CONFIRM
	https://support.apple.com/HT210348	x_refsource_CONFIRM
	https://support.apple.com/HT210351	x_refsource_CONFIRM
	https://support.apple.com/HT210353	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202003-52	vendor-advisoryx_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	SAMBA	samba	Affected: 4.8.x up to, excluding 4.8.12 Affected: 4.9.x up to, excluding 4.9.8 Affected: 4.10.x up to, excluding 4.10.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:54.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2018-16860.html"
          },
          {
            "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/25"
          },
          {
            "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/22"
          },
          {
            "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/23"
          },
          {
            "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/21"
          },
          {
            "name": "openSUSE-SU-2019:1888",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
          },
          {
            "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
          },
          {
            "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
          },
          {
            "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
          },
          {
            "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210346"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT210353"
          },
          {
            "name": "GLSA-202003-52",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-52"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "SAMBA",
          "versions": [
            {
              "status": "affected",
              "version": "4.8.x up to, excluding 4.8.12"
            },
            {
              "status": "affected",
              "version": "4.9.x up to, excluding 4.9.8"
            },
            {
              "status": "affected",
              "version": "4.10.x up to, excluding 4.10.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in samba\u0027s Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-25T18:06:17.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2018-16860.html"
        },
        {
          "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/25"
        },
        {
          "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/22"
        },
        {
          "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/23"
        },
        {
          "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/21"
        },
        {
          "name": "openSUSE-SU-2019:1888",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
        },
        {
          "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
        },
        {
          "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
        },
        {
          "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
        },
        {
          "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT210346"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT210348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT210351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT210353"
        },
        {
          "name": "GLSA-202003-52",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-52"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-16860",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "samba",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.8.x up to, excluding 4.8.12"
                          },
                          {
                            "version_value": "4.9.x up to, excluding 4.9.8"
                          },
                          {
                            "version_value": "4.10.x up to, excluding 4.10.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAMBA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in samba\u0027s Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-358"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_23",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"
            },
            {
              "name": "https://www.samba.org/samba/security/CVE-2018-16860.html",
              "refsource": "MISC",
              "url": "https://www.samba.org/samba/security/CVE-2018-16860.html"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/25"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/22"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/23"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/21"
            },
            {
              "name": "openSUSE-SU-2019:1888",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
            },
            {
              "name": "https://support.apple.com/HT210346",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT210346"
            },
            {
              "name": "https://support.apple.com/HT210348",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT210348"
            },
            {
              "name": "https://support.apple.com/HT210351",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT210351"
            },
            {
              "name": "https://support.apple.com/HT210353",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT210353"
            },
            {
              "name": "GLSA-202003-52",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-52"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16860",
    "datePublished": "2019-07-31T14:38:36.000Z",
    "dateReserved": "2018-09-11T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:32:54.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12151 (GCVE-0-2017-12151)

Vulnerability from cvelistv5 – Published: 2018-07-27 12:00 – Updated: 2024-08-05 18:28

Summary

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Severity ?

7.4 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-300

Assigner

redhat

References

URL

Tags

	https://security.netapp.com/advisory/ntap-2017092…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:2790	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/100917	vdb-entryx_refsource_BID
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-3983	vendor-advisoryx_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2858	vendor-advisoryx_refsource_REDHAT
	http://www.securitytracker.com/id/1039401	vdb-entryx_refsource_SECTRACK
	https://www.samba.org/samba/security/CVE-2017-121…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Samba	samba	Affected: 4.4.16 Affected: 4.5.14 Affected: 4.6.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170921-0001/"
          },
          {
            "name": "RHSA-2017:2790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151"
          },
          {
            "name": "100917",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100917"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us"
          },
          {
            "name": "DSA-3983",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3983"
          },
          {
            "name": "RHSA-2017:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2858"
          },
          {
            "name": "1039401",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039401"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2017-12151.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "4.4.16"
            },
            {
              "status": "affected",
              "version": "4.5.14"
            },
            {
              "status": "affected",
              "version": "4.6.8"
            }
          ]
        }
      ],
      "datePublic": "2017-09-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-300",
              "description": "CWE-300",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-31T15:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170921-0001/"
        },
        {
          "name": "RHSA-2017:2790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151"
        },
        {
          "name": "100917",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100917"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us"
        },
        {
          "name": "DSA-3983",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3983"
        },
        {
          "name": "RHSA-2017:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2858"
        },
        {
          "name": "1039401",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039401"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2017-12151.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-12151",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "samba",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.4.16"
                          },
                          {
                            "version_value": "4.5.14"
                          },
                          {
                            "version_value": "4.6.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samba"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-300"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.netapp.com/advisory/ntap-20170921-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170921-0001/"
            },
            {
              "name": "RHSA-2017:2790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2790"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151"
            },
            {
              "name": "100917",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100917"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us"
            },
            {
              "name": "DSA-3983",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3983"
            },
            {
              "name": "RHSA-2017:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2858"
            },
            {
              "name": "1039401",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039401"
            },
            {
              "name": "https://www.samba.org/samba/security/CVE-2017-12151.html",
              "refsource": "CONFIRM",
              "url": "https://www.samba.org/samba/security/CVE-2017-12151.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-12151",
    "datePublished": "2018-07-27T12:00:00.000Z",
    "dateReserved": "2017-08-01T00:00:00.000Z",
    "dateUpdated": "2024-08-05T18:28:16.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12150 (GCVE-0-2017-12150)

Vulnerability from cvelistv5 – Published: 2018-07-26 18:00 – Updated: 2024-08-05 18:28

Summary

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

Severity ?

7.4 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-300

Assigner

redhat

References

URL

Tags

	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2017092…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:2790	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/100918	vdb-entryx_refsource_BID
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
	https://www.samba.org/samba/security/CVE-2017-121…	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-3983	vendor-advisoryx_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2858	vendor-advisoryx_refsource_REDHAT
	http://www.securitytracker.com/id/1039401	vdb-entryx_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:2789	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2791	vendor-advisoryx_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	Samba	samba	Affected: 4.6.8 Affected: 4.5.14 Affected: 4.4.16 Affected: 4.7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03775en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170921-0001/"
          },
          {
            "name": "RHSA-2017:2790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150"
          },
          {
            "name": "100918",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100918"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2017-12150.html"
          },
          {
            "name": "DSA-3983",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3983"
          },
          {
            "name": "RHSA-2017:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2858"
          },
          {
            "name": "1039401",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039401"
          },
          {
            "name": "RHSA-2017:2789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2789"
          },
          {
            "name": "RHSA-2017:2791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2791"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "4.6.8"
            },
            {
              "status": "affected",
              "version": "4.5.14"
            },
            {
              "status": "affected",
              "version": "4.4.16"
            },
            {
              "status": "affected",
              "version": "4.7.0"
            }
          ]
        }
      ],
      "datePublic": "2017-09-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-300",
              "description": "CWE-300",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-30T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03775en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170921-0001/"
        },
        {
          "name": "RHSA-2017:2790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150"
        },
        {
          "name": "100918",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100918"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2017-12150.html"
        },
        {
          "name": "DSA-3983",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3983"
        },
        {
          "name": "RHSA-2017:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2858"
        },
        {
          "name": "1039401",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039401"
        },
        {
          "name": "RHSA-2017:2789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2789"
        },
        {
          "name": "RHSA-2017:2791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2791"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-12150",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "samba",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.6.8"
                          },
                          {
                            "version_value": "4.5.14"
                          },
                          {
                            "version_value": "4.4.16"
                          },
                          {
                            "version_value": "4.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samba"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-300"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03775en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03775en_us"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170921-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170921-0001/"
            },
            {
              "name": "RHSA-2017:2790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2790"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150"
            },
            {
              "name": "100918",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100918"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us"
            },
            {
              "name": "https://www.samba.org/samba/security/CVE-2017-12150.html",
              "refsource": "CONFIRM",
              "url": "https://www.samba.org/samba/security/CVE-2017-12150.html"
            },
            {
              "name": "DSA-3983",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3983"
            },
            {
              "name": "RHSA-2017:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2858"
            },
            {
              "name": "1039401",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039401"
            },
            {
              "name": "RHSA-2017:2789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2789"
            },
            {
              "name": "RHSA-2017:2791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2791"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-12150",
    "datePublished": "2018-07-26T18:00:00.000Z",
    "dateReserved": "2017-08-01T00:00:00.000Z",
    "dateUpdated": "2024-08-05T18:28:16.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12163 (GCVE-0-2017-12163)

Vulnerability from cvelistv5 – Published: 2018-07-26 16:00 – Updated: 2024-08-05 18:28

Summary

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Severity ?

4.1 (Medium)


                        
                          CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-200

Assigner

redhat

References

URL

Tags

	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2017092…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:2790	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/100925	vdb-entryx_refsource_BID
	https://www.samba.org/samba/security/CVE-2017-121…	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synolog…	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-3983	vendor-advisoryx_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2858	vendor-advisoryx_refsource_REDHAT
	http://www.securitytracker.com/id/1039401	vdb-entryx_refsource_SECTRACK
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:2789	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2791	vendor-advisoryx_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	Samba	Samba	Affected: 4.7 Affected: 4.6.8 Affected: 4.5.14 Affected: 4.4.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03775en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170921-0001/"
          },
          {
            "name": "RHSA-2017:2790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2790"
          },
          {
            "name": "100925",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100925"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2017-12163.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_17_57_Samba"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us"
          },
          {
            "name": "DSA-3983",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3983"
          },
          {
            "name": "RHSA-2017:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2858"
          },
          {
            "name": "1039401",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039401"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163"
          },
          {
            "name": "RHSA-2017:2789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2789"
          },
          {
            "name": "RHSA-2017:2791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2791"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "status": "affected",
              "version": "4.6.8"
            },
            {
              "status": "affected",
              "version": "4.5.14"
            },
            {
              "status": "affected",
              "version": "4.4.16"
            }
          ]
        }
      ],
      "datePublic": "2017-09-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-30T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03775en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170921-0001/"
        },
        {
          "name": "RHSA-2017:2790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2790"
        },
        {
          "name": "100925",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100925"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2017-12163.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_17_57_Samba"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03817en_us"
        },
        {
          "name": "DSA-3983",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3983"
        },
        {
          "name": "RHSA-2017:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2858"
        },
        {
          "name": "1039401",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039401"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163"
        },
        {
          "name": "RHSA-2017:2789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2789"
        },
        {
          "name": "RHSA-2017:2791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2791"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-12163",
    "datePublished": "2018-07-26T16:00:00.000Z",
    "dateReserved": "2017-08-01T00:00:00.000Z",
    "dateUpdated": "2024-08-05T18:28:16.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1057 (GCVE-0-2018-1057)

Vulnerability from cvelistv5 – Published: 2018-03-13 16:00 – Updated: 2024-08-05 03:44

Summary

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

Severity ?

No CVSS data available.

CWE

CWE-863

Assigner

redhat

References

URL

Tags

	http://www.securityfocus.com/bid/103382	vdb-entryx_refsource_BID
	https://www.debian.org/security/2018/dsa-4135	vendor-advisoryx_refsource_DEBIAN
	https://usn.ubuntu.com/3595-1/	vendor-advisoryx_refsource_UBUNTU
	http://www.securitytracker.com/id/1040494	vdb-entryx_refsource_SECTRACK
	https://security.gentoo.org/glsa/201805-07	vendor-advisoryx_refsource_GENTOO
	https://security.netapp.com/advisory/ntap-2018031…	x_refsource_CONFIRM
	https://www.samba.org/samba/security/CVE-2018-1057.html	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1553553	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synolog…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Samba	Samba	Affected: All versions of Samba from 4.0.0 onwards.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:44:11.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103382",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103382"
          },
          {
            "name": "DSA-4135",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4135"
          },
          {
            "name": "USN-3595-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3595-1/"
          },
          {
            "name": "1040494",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040494"
          },
          {
            "name": "GLSA-201805-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201805-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180313-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2018-1057.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553553"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_08"
          },
          {
            "name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "All versions of Samba from 4.0.0 onwards."
            }
          ]
        }
      ],
      "datePublic": "2018-03-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users\u0027 passwords, including administrative users and privileged service accounts (eg Domain Controllers)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-09T22:06:02.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "103382",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103382"
        },
        {
          "name": "DSA-4135",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4135"
        },
        {
          "name": "USN-3595-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3595-1/"
        },
        {
          "name": "1040494",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040494"
        },
        {
          "name": "GLSA-201805-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201805-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180313-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2018-1057.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553553"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_08"
        },
        {
          "name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1057",
    "datePublished": "2018-03-13T16:00:00.000Z",
    "dateReserved": "2017-12-04T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:44:11.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1050 (GCVE-0-2018-1050)

Vulnerability from cvelistv5 – Published: 2018-03-13 16:00 – Updated: 2024-09-16 23:16

Summary

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

Severity ?

No CVSS data available.

CWE

CWE-476

Assigner

redhat

References

URL

Tags

	https://usn.ubuntu.com/3595-2/	vendor-advisoryx_refsource_UBUNTU
	http://www.securityfocus.com/bid/103387	vdb-entryx_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:2613	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2612	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1883	vendor-advisoryx_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4135	vendor-advisoryx_refsource_DEBIAN
	https://usn.ubuntu.com/3595-1/	vendor-advisoryx_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1860	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3056	vendor-advisoryx_refsource_REDHAT
	https://security.gentoo.org/glsa/201805-07	vendor-advisoryx_refsource_GENTOO
	http://www.securitytracker.com/id/1040493	vdb-entryx_refsource_SECTRACK
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://help.ecostruxureit.com/display/public/UAD…	x_refsource_CONFIRM
	https://www.samba.org/samba/security/CVE-2018-1050.html	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1538771	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2018031…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Samba	Samba	Affected: All versions of Samba from 4.0.0 onwards

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:44:12.058Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3595-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3595-2/"
          },
          {
            "name": "103387",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103387"
          },
          {
            "name": "RHSA-2018:2613",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2613"
          },
          {
            "name": "RHSA-2018:2612",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2612"
          },
          {
            "name": "RHSA-2018:1883",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1883"
          },
          {
            "name": "DSA-4135",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4135"
          },
          {
            "name": "USN-3595-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3595-1/"
          },
          {
            "name": "RHSA-2018:1860",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1860"
          },
          {
            "name": "RHSA-2018:3056",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3056"
          },
          {
            "name": "GLSA-201805-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201805-07"
          },
          {
            "name": "1040493",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040493"
          },
          {
            "name": "[debian-lts-announce] 20180327 [SECURITY] [DLA 1320-1] samba security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html"
          },
          {
            "name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2018-1050.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03834en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538771"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180313-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "All versions of Samba from 4.0.0 onwards"
            }
          ]
        }
      ],
      "datePublic": "2018-03-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-04T18:00:58.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-3595-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3595-2/"
        },
        {
          "name": "103387",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103387"
        },
        {
          "name": "RHSA-2018:2613",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2613"
        },
        {
          "name": "RHSA-2018:2612",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2612"
        },
        {
          "name": "RHSA-2018:1883",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1883"
        },
        {
          "name": "DSA-4135",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4135"
        },
        {
          "name": "USN-3595-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3595-1/"
        },
        {
          "name": "RHSA-2018:1860",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1860"
        },
        {
          "name": "RHSA-2018:3056",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3056"
        },
        {
          "name": "GLSA-201805-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201805-07"
        },
        {
          "name": "1040493",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040493"
        },
        {
          "name": "[debian-lts-announce] 20180327 [SECURITY] [DLA 1320-1] samba security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html"
        },
        {
          "name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2018-1050.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03834en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538771"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180313-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2018-03-13T00:00:00",
          "ID": "CVE-2018-1050",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samba",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions of Samba from 4.0.0 onwards"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samba"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3595-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3595-2/"
            },
            {
              "name": "103387",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103387"
            },
            {
              "name": "RHSA-2018:2613",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2613"
            },
            {
              "name": "RHSA-2018:2612",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2612"
            },
            {
              "name": "RHSA-2018:1883",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1883"
            },
            {
              "name": "DSA-4135",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4135"
            },
            {
              "name": "USN-3595-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3595-1/"
            },
            {
              "name": "RHSA-2018:1860",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1860"
            },
            {
              "name": "RHSA-2018:3056",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3056"
            },
            {
              "name": "GLSA-201805-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201805-07"
            },
            {
              "name": "1040493",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040493"
            },
            {
              "name": "[debian-lts-announce] 20180327 [SECURITY] [DLA 1320-1] samba security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html"
            },
            {
              "name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://www.samba.org/samba/security/CVE-2018-1050.html",
              "refsource": "CONFIRM",
              "url": "https://www.samba.org/samba/security/CVE-2018-1050.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03834en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03834en_us"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1538771",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538771"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180313-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180313-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1050",
    "datePublished": "2018-03-13T16:00:00.000Z",
    "dateReserved": "2017-12-04T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:16:06.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2619 (GCVE-0-2017-2619)

Vulnerability from cvelistv5 – Published: 2018-03-12 15:00 – Updated: 2024-09-17 00:45

Summary

Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.

Severity ?

No CVSS data available.

CWE

CWE-362

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:2778	vendor-advisoryx_refsource_REDHAT
	https://www.debian.org/security/2017/dsa-3816	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/97033	vdb-entryx_refsource_BID
	https://www.exploit-db.com/exploits/41740/	exploitx_refsource_EXPLOIT-DB
	http://www.securitytracker.com/id/1038117	vdb-entryx_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:2338	vendor-advisoryx_refsource_REDHAT
	https://www.samba.org/samba/security/CVE-2017-2619.html	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1429472	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1265	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2789	vendor-advisoryx_refsource_REDHAT
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Samba	samba	Affected: 4.6.1 Affected: 4.5.7 Affected: 4.4.11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.264Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:2778",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2778"
          },
          {
            "name": "DSA-3816",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3816"
          },
          {
            "name": "97033",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97033"
          },
          {
            "name": "41740",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41740/"
          },
          {
            "name": "1038117",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038117"
          },
          {
            "name": "RHSA-2017:2338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2338"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2017-2619.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472"
          },
          {
            "name": "RHSA-2017:1265",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1265"
          },
          {
            "name": "RHSA-2017:2789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03755en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "4.6.1"
            },
            {
              "status": "affected",
              "version": "4.5.7"
            },
            {
              "status": "affected",
              "version": "4.4.11"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-13T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:2778",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2778"
        },
        {
          "name": "DSA-3816",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3816"
        },
        {
          "name": "97033",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97033"
        },
        {
          "name": "41740",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41740/"
        },
        {
          "name": "1038117",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038117"
        },
        {
          "name": "RHSA-2017:2338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2338"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2017-2619.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472"
        },
        {
          "name": "RHSA-2017:1265",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1265"
        },
        {
          "name": "RHSA-2017:2789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03755en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2017-03-27T00:00:00",
          "ID": "CVE-2017-2619",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "samba",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.6.1"
                          },
                          {
                            "version_value": "4.5.7"
                          },
                          {
                            "version_value": "4.4.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samba"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:2778",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2778"
            },
            {
              "name": "DSA-3816",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3816"
            },
            {
              "name": "97033",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97033"
            },
            {
              "name": "41740",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41740/"
            },
            {
              "name": "1038117",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038117"
            },
            {
              "name": "RHSA-2017:2338",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2338"
            },
            {
              "name": "https://www.samba.org/samba/security/CVE-2017-2619.html",
              "refsource": "CONFIRM",
              "url": "https://www.samba.org/samba/security/CVE-2017-2619.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472"
            },
            {
              "name": "RHSA-2017:1265",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1265"
            },
            {
              "name": "RHSA-2017:2789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2789"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03755en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03755en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-2619",
    "datePublished": "2018-03-12T15:00:00.000Z",
    "dateReserved": "2016-12-01T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:45:45.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-7494 (GCVE-0-2017-7494)

Vulnerability from cvelistv5 – Published: 2017-05-30 18:00 – Updated: 2025-10-21 23:55

Summary

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

remote code execution

Assigner

redhat

References

URL

Tags

	http://www.securityfocus.com/bid/98636	vdb-entryx_refsource_BID
	http://www.debian.org/security/2017/dsa-3860	vendor-advisoryx_refsource_DEBIAN
	https://www.exploit-db.com/exploits/42084/	exploitx_refsource_EXPLOIT-DB
	https://access.redhat.com/errata/RHSA-2017:1270	vendor-advisoryx_refsource_REDHAT
	https://www.samba.org/samba/security/CVE-2017-7494.html	x_refsource_CONFIRM
	https://download.schneider-electric.com/files?p_e…	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2017:1390	vendor-advisoryx_refsource_REDHAT
	http://www.securitytracker.com/id/1038552	vdb-entryx_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:1273	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1271	vendor-advisoryx_refsource_REDHAT
	https://security.gentoo.org/glsa/201805-07	vendor-advisoryx_refsource_GENTOO
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1272	vendor-advisoryx_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-2017052…	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/42060/	exploitx_refsource_EXPLOIT-DB

Impacted products

	Vendor	Product	Version
	Samba	samba	Affected: since 3.5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98636",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98636"
          },
          {
            "name": "DSA-3860",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3860"
          },
          {
            "name": "42084",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42084/"
          },
          {
            "name": "RHSA-2017:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2017-7494.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf\u0026p_Doc_Ref=SEVD-2018-095-01"
          },
          {
            "name": "RHSA-2017:1390",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1390"
          },
          {
            "name": "1038552",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038552"
          },
          {
            "name": "RHSA-2017:1273",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1273"
          },
          {
            "name": "RHSA-2017:1271",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1271"
          },
          {
            "name": "GLSA-201805-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201805-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03759en_us"
          },
          {
            "name": "RHSA-2017:1272",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1272"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170524-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03755en_us"
          },
          {
            "name": "42060",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42060/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-7494",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T13:29:34.869777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-03-30",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-7494"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:55:40.089Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-7494"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-03-30T00:00:00.000Z",
            "value": "CVE-2017-7494 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "since 3.5.0"
            }
          ]
        }
      ],
      "datePublic": "2017-05-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-21T09:57:02.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "98636",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98636"
        },
        {
          "name": "DSA-3860",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3860"
        },
        {
          "name": "42084",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42084/"
        },
        {
          "name": "RHSA-2017:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2017-7494.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf\u0026p_Doc_Ref=SEVD-2018-095-01"
        },
        {
          "name": "RHSA-2017:1390",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1390"
        },
        {
          "name": "1038552",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038552"
        },
        {
          "name": "RHSA-2017:1273",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1273"
        },
        {
          "name": "RHSA-2017:1271",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1271"
        },
        {
          "name": "GLSA-201805-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201805-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03759en_us"
        },
        {
          "name": "RHSA-2017:1272",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1272"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170524-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03755en_us"
        },
        {
          "name": "42060",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42060/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7494",
    "datePublished": "2017-05-30T18:00:00.000Z",
    "dateReserved": "2017-04-05T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:55:40.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

15 vulnerabilities found for samba by Samba

CERTFR-2025-AVI-0885

Solutions

CVE-2021-44142 (GCVE-0-2021-44142)

CVE-2011-3585 (GCVE-0-2011-3585)

CVE-2019-10218 (GCVE-0-2019-10218)

CVE-2019-14847 (GCVE-0-2019-14847)

CVE-2019-14833 (GCVE-0-2019-14833)

CVE-2019-10197 (GCVE-0-2019-10197)

CVE-2018-16860 (GCVE-0-2018-16860)

CVE-2017-12151 (GCVE-0-2017-12151)

CVE-2017-12150 (GCVE-0-2017-12150)

CVE-2017-12163 (GCVE-0-2017-12163)

CVE-2018-1057 (GCVE-0-2018-1057)

CVE-2018-1050 (GCVE-0-2018-1050)

CVE-2017-2619 (GCVE-0-2017-2619)

CVE-2017-7494 (GCVE-0-2017-7494)