The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Samba

computer vulnerability note CVE-2018-16860

Samba: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Samba, in order to read or write data in the session.
Impacted products: Debian, Fedora, openSUSE Leap, Samba, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/modification.
Provenance: intranet client.
Creation date: 14/05/2019.
Identifiers: CERTFR-2019-AVI-206, CVE-2018-16860, DLA-1788-1, DSA-4443-1, DSA-4455-1, FEDORA-2019-208cc34d40, FEDORA-2019-307e117a2e, openSUSE-SU-2019:1682-1, openSUSE-SU-2019:1688-1, Synology-SA-19:23, USN-3976-1, USN-3976-2, USN-3976-3, USN-3976-4, VIGILANCE-VUL-29289.


vulnerability bulletin CVE-2019-3880

Samba: directory traversal via Symlink

Synthesis of the vulnerability

An attacker can traverse directories via a symlink in Samba, in order to create a file outside the service root path.
Impacted products: Debian, Fedora, IBM i, openSUSE Leap, Solaris, Samba, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/modification.
Provenance: user account.
Creation date: 08/04/2019.
Identifiers: bulletinjul2019, CERTFR-2019-AVI-149, CVE-2019-3880, DLA-1754-1, DSA-4427-1, FEDORA-2019-019c5314a0, FEDORA-2019-db21b5f1d2, ibm10880621, openSUSE-SU-2019:1180-1, openSUSE-SU-2019:1292-1, SUSE-SU-2019:1037-1, SUSE-SU-2019:1040-1, SUSE-SU-2019:1194-1, SUSE-SU-2019:1195-1, SUSE-SU-2019:1203-1, SUSE-SU-2019:14042-1, USN-3939-1, USN-3939-2, VIGILANCE-VUL-28963.


vulnerability announcement CVE-2019-3824

LDB: denial of service via Search Expressions

Synthesis of the vulnerability

An attacker can trigger a fatal error via search expressions in LDB, in order to cause a denial of service.
Impacted products: Debian, openSUSE Leap, Samba, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 26/02/2019.
Identifiers: CVE-2019-3824, DLA-1699-1, DSA-4397-1, openSUSE-SU-2019:1163-1, SUSE-SU-2019:0639-1, USN-3895-1, VIGILANCE-VUL-28602.


computer vulnerability note CVE-2018-10858 CVE-2018-10918 CVE-2018-10919

Samba: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Samba.
Impacted products: Debian, Fedora, IBM i, QRadar SIEM, openSUSE Leap, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 14/08/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-384, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140, DLA-1539-1, DSA-4271-1, FEDORA-2018-8e4d871867, FEDORA-2018-bc22d6c7bc, ibm10730345, ibm10874886, openSUSE-SU-2018:2396-1, openSUSE-SU-2018:2400-1, openSUSE-SU-2018:3211-1, RHSA-2018:3056-01, SSA:2018-229-02, SUSE-SU-2018:2318-1, SUSE-SU-2018:2319-1, SUSE-SU-2018:2320-1, SUSE-SU-2018:2321-1, SUSE-SU-2018:2329-1, SUSE-SU-2018:2339-1, SUSE-SU-2018:3161-1, USN-3738-1, VIGILANCE-VUL-26979.


vulnerability note CVE-2018-1057

Samba: privilege escalation via Other Users Password Change

Synthesis of the vulnerability

An attacker can bypass restrictions via a password change for other users in Samba, in order to escalate their privileges.
Impacted products: Debian, Fedora, IBM i, openSUSE Leap, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 13/03/2018.
Identifiers: CERTFR-2018-AVI-121, CVE-2018-1057, DLA-1754-1, DSA-4135-1, FEDORA-2018-7d0acd608b, FEDORA-2018-c5c651ac44, N1022524, openSUSE-SU-2018:1727-1, SSA:2018-072-02, SUSE-SU-2018:1687-1, Synology-SA-18:14, USN-3595-1, USN-3595-2, VIGILANCE-VUL-25534.


vulnerability bulletin CVE-2018-1050

Samba: denial of service via Spoolss As External Daemon

Synthesis of the vulnerability

An attacker can trigger a fatal error via spoolss running as an external daemon in Samba, in order to cause a denial of service.
Impacted products: Debian, Fedora, IBM i, Junos Space, openSUSE Leap, Solaris, RHEL, Samba, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 13/03/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-121, CVE-2018-1050, DLA-1320-1, DLA-1754-1, DSA-4135-1, FEDORA-2018-7d0acd608b, FEDORA-2018-c5c651ac44, JSA10917, N1022524, openSUSE-SU-2018:0801-1, RHSA-2018:1860-01, RHSA-2018:1883-01, RHSA-2018:3056-01, SUSE-SU-2018:2321-1, SUSE-SU-2018:2339-1, USN-3595-1, USN-3595-2, VIGILANCE-VUL-25533.


vulnerability bulletin CVE-2017-15275

Samba: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment from Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, openSUSE Leap, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 21/11/2017.
Identifiers: CERTFR-2017-AVI-425, CVE-2017-15275, DLA-1183-1, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24503.


vulnerability announcement CVE-2017-14746

Samba: memory corruption via SMB1

Synthesis of the vulnerability

An attacker can trigger memory corruption via SMB1 in Samba, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, HP-UX, openSUSE Leap, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 21/11/2017.
Identifiers: bulletinapr2018, CERTFR-2017-AVI-425, CVE-2017-14746, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24502.


vulnerability announcement CVE-2017-12163

Samba: information disclosure via Share Write Access

Synthesis of the vulnerability

A local attacker can read a memory fragment via write access to a share in Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, QRadar SIEM, openSUSE Leap, Solaris, RHEL, Samba, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12163, DLA-1110-1, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2789-01, RHSA-2017:2790-01, RHSA-2017:2791-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23882.


vulnerability alert CVE-2017-12151

Samba: information disclosure via SMB3 DFS Redirects

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SMB3 DFS redirects in Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, QRadar SIEM, openSUSE Leap, Solaris, RHEL, Samba, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12151, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2790-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23881.
