The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Samba

vulnerability announce CVE-2019-3824

LDB: denial of service via Search Expressions

Synthesis of the vulnerability

An attacker can trigger a fatal error via Search Expressions of LDB, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, Samba, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 26/02/2019.
Identifiers: CVE-2019-3824, DLA-1699-1, DSA-4397-1, openSUSE-SU-2019:1163-1, SUSE-SU-2019:0639-1, USN-3895-1, VIGILANCE-VUL-28602.

Description of the vulnerability

An attacker can trigger a fatal error via Search Expressions of LDB, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-10858 CVE-2018-10918 CVE-2018-10919

Samba: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Samba.
Impacted products: Debian, Fedora, IBM i, QRadar SIEM, openSUSE Leap, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 14/08/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-384, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140, DLA-1539-1, DSA-4271-1, FEDORA-2018-8e4d871867, FEDORA-2018-bc22d6c7bc, ibm10730345, ibm10874886, openSUSE-SU-2018:2396-1, openSUSE-SU-2018:2400-1, openSUSE-SU-2018:3211-1, RHSA-2018:3056-01, SSA:2018-229-02, SUSE-SU-2018:2318-1, SUSE-SU-2018:2319-1, SUSE-SU-2018:2320-1, SUSE-SU-2018:2321-1, SUSE-SU-2018:2329-1, SUSE-SU-2018:2339-1, SUSE-SU-2018:3161-1, USN-3738-1, VIGILANCE-VUL-26979.

Description of the vulnerability

An attacker can use several vulnerabilities of Samba.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-1057

Samba: privilege escalation via Other Users Password Change

Synthesis of the vulnerability

An attacker can bypass restrictions via Other Users Password Change of Samba, in order to escalate his privileges.
Impacted products: Debian, Fedora, IBM i, openSUSE Leap, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 13/03/2018.
Identifiers: CERTFR-2018-AVI-121, CVE-2018-1057, DLA-1754-1, DSA-4135-1, FEDORA-2018-7d0acd608b, FEDORA-2018-c5c651ac44, N1022524, openSUSE-SU-2018:1727-1, SSA:2018-072-02, SUSE-SU-2018:1687-1, Synology-SA-18:14, USN-3595-1, USN-3595-2, VIGILANCE-VUL-25534.

Description of the vulnerability

An attacker can bypass restrictions via Other Users Password Change of Samba, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-1050

Samba: denial of service via Spoolss As External Daemon

Synthesis of the vulnerability

An attacker can generate a fatal error via Spoolss As External Daemon of Samba, in order to trigger a denial of service.
Impacted products: Debian, Fedora, IBM i, Junos Space, openSUSE Leap, Solaris, RHEL, Samba, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 13/03/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-121, CVE-2018-1050, DLA-1320-1, DLA-1754-1, DSA-4135-1, FEDORA-2018-7d0acd608b, FEDORA-2018-c5c651ac44, JSA10917, N1022524, openSUSE-SU-2018:0801-1, RHSA-2018:1860-01, RHSA-2018:1883-01, RHSA-2018:3056-01, SUSE-SU-2018:2321-1, SUSE-SU-2018:2339-1, USN-3595-1, USN-3595-2, VIGILANCE-VUL-25533.

Description of the vulnerability

An attacker can generate a fatal error via Spoolss As External Daemon of Samba, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-15275

Samba: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, openSUSE Leap, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 21/11/2017.
Identifiers: CERTFR-2017-AVI-425, CVE-2017-15275, DLA-1183-1, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24503.

Description of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-14746

Samba: memory corruption via SMB1

Synthesis of the vulnerability

An attacker can generate a memory corruption via SMB1 of Samba, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, HP-UX, openSUSE Leap, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 21/11/2017.
Identifiers: bulletinapr2018, CERTFR-2017-AVI-425, CVE-2017-14746, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24502.

Description of the vulnerability

An attacker can generate a memory corruption via SMB1 of Samba, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-12163

Samba: information disclosure via Share Write Access

Synthesis of the vulnerability

A local attacker can read a memory fragment via Share Write Access of Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, QRadar SIEM, openSUSE Leap, Solaris, RHEL, Samba, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12163, DLA-1110-1, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2789-01, RHSA-2017:2790-01, RHSA-2017:2791-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23882.

Description of the vulnerability

A local attacker can read a memory fragment via Share Write Access of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-12151

Samba: information disclosure via SMB3 DFS Redirects

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SMB3 DFS Redirects of Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, QRadar SIEM, openSUSE Leap, Solaris, RHEL, Samba, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12151, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2790-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23881.

Description of the vulnerability

An attacker can bypass access restrictions to data via SMB3 DFS Redirects of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-12150

Samba: information disclosure via Missing Signature

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Missing Signature of Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, QRadar SIEM, openSUSE Leap, Solaris, RHEL, Samba, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12150, DLA-1110-1, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2789-01, RHSA-2017:2790-01, RHSA-2017:2791-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23880.

Description of the vulnerability

An attacker can bypass access restrictions to data via Missing Signature of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-11103

Heimdal Kerberos: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Heimdal Kerberos, in order to read or write data in the session.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, FreeBSD, NetBSD, openSUSE Leap, Solaris, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 12/07/2017.
Identifiers: APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, bulletinjul2017, CERTFR-2017-AVI-214, CVE-2017-11103, DLA-1027-1, DSA-3909-1, DSA-3912-1, FEDORA-2017-2afe501b36, FEDORA-2017-5d6a9e0c9c, FreeBSD-SA-17:05.heimdal, HT208144, HT208221, openSUSE-SU-2017:2180-1, openSUSE-SU-2017:2311-1, SSA:2017-195-02, SUSE-SU-2017:2237-1, Synology-SA-17:31, USN-3353-1, USN-3353-2, USN-3353-3, USN-3353-4, VIGILANCE-VUL-23218.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Heimdal Kerberos, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Samba: