The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Samba

vulnerability alert CVE-2019-12436

Samba: NULL pointer dereference via AD DC Paged Search

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via AD DC Paged Search of Samba, in order to trigger a denial of service.
Impacted products: Fedora, Samba, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user account.
Creation date: 19/06/2019.
Identifiers: CERTFR-2019-AVI-282, CVE-2019-12436, FEDORA-2019-8015e5dc40, FEDORA-2019-8966706e33, USN-4018-1, VIGILANCE-VUL-29561.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via AD DC Paged Search of Samba, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-12435

Samba: NULL pointer dereference via AD DC RPC Server

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via AD DC RPC Server of Samba, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE Leap, Samba, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user account.
Creation date: 19/06/2019.
Identifiers: CERTFR-2019-AVI-282, CVE-2019-12435, FEDORA-2019-8015e5dc40, FEDORA-2019-8966706e33, openSUSE-SU-2019:1755-1, SUSE-SU-2019:1574-1, USN-4018-1, VIGILANCE-VUL-29560.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via AD DC RPC Server of Samba, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-16860

Samba: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Samba, in order to read or write data in the session.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, openSUSE Leap, Samba, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: intranet client.
Creation date: 14/05/2019.
Identifiers: CERTFR-2019-AVI-206, CVE-2018-16860, DLA-1788-1, DSA-4443-1, DSA-4455-1, FEDORA-2019-208cc34d40, FEDORA-2019-307e117a2e, HT210346, HT210348, openSUSE-SU-2019:1682-1, openSUSE-SU-2019:1688-1, openSUSE-SU-2019:1888-1, Synology-SA-19:23, USN-3976-1, USN-3976-2, USN-3976-3, USN-3976-4, VIGILANCE-VUL-29289.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Samba, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2019-3880

Samba: directory traversal via Symlink

Synthesis of the vulnerability

An attacker can traverse directories via Symlink of Samba, in order to create a file outside the service root path.
Impacted products: Debian, Fedora, IBM i, openSUSE Leap, Solaris, RHEL, Samba, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: user account.
Creation date: 08/04/2019.
Identifiers: bulletinjul2019, CERTFR-2019-AVI-149, CVE-2019-3880, DLA-1754-1, DSA-4427-1, FEDORA-2019-019c5314a0, FEDORA-2019-db21b5f1d2, ibm10880621, openSUSE-SU-2019:1180-1, openSUSE-SU-2019:1292-1, RHSA-2019:2099-01, SUSE-SU-2019:1037-1, SUSE-SU-2019:1040-1, SUSE-SU-2019:1194-1, SUSE-SU-2019:1195-1, SUSE-SU-2019:1203-1, SUSE-SU-2019:14042-1, USN-3939-1, USN-3939-2, VIGILANCE-VUL-28963.

Description of the vulnerability

An attacker can traverse directories via Symlink of Samba, in order to create a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2019-3824

LDB: denial of service via Search Expressions

Synthesis of the vulnerability

An attacker can trigger a fatal error via Search Expressions of LDB, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, Samba, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 26/02/2019.
Identifiers: CVE-2019-3824, DLA-1699-1, DSA-4397-1, openSUSE-SU-2019:1163-1, SUSE-SU-2019:0639-1, USN-3895-1, VIGILANCE-VUL-28602.

Description of the vulnerability

An attacker can trigger a fatal error via Search Expressions of LDB, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-14629 CVE-2018-16841 CVE-2018-16851

Samba: multiple vulnerabilities via AD DC

Synthesis of the vulnerability

An attacker can use several vulnerabilities via AD DC of Samba.
Impacted products: Debian, Fedora, Samba, Slackware, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 27/11/2018.
Identifiers: CERTFR-2018-AVI-571, CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16852, CVE-2018-16853, CVE-2018-16857, DLA-1607-1, DSA-4345-1, FEDORA-2018-c2a93f8e1b, FEDORA-2018-e423e8743f, SSA:2018-333-01, SUSE-SU-2018:4066-1, Synology-SA-18:60, USN-3827-1, USN-3827-2, VIGILANCE-VUL-27884.

Description of the vulnerability

An attacker can use several vulnerabilities via AD DC of Samba.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-10858 CVE-2018-10918 CVE-2018-10919

Samba: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Samba.
Impacted products: Debian, Fedora, IBM i, QRadar SIEM, openSUSE Leap, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 14/08/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-384, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140, DLA-1539-1, DSA-4271-1, FEDORA-2018-8e4d871867, FEDORA-2018-bc22d6c7bc, ibm10730345, ibm10874886, openSUSE-SU-2018:2396-1, openSUSE-SU-2018:2400-1, openSUSE-SU-2018:3211-1, RHSA-2018:3056-01, SSA:2018-229-02, SUSE-SU-2018:2318-1, SUSE-SU-2018:2319-1, SUSE-SU-2018:2320-1, SUSE-SU-2018:2321-1, SUSE-SU-2018:2329-1, SUSE-SU-2018:2339-1, SUSE-SU-2018:3161-1, USN-3738-1, VIGILANCE-VUL-26979.

Description of the vulnerability

An attacker can use several vulnerabilities of Samba.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-1057

Samba: privilege escalation via Other Users Password Change

Synthesis of the vulnerability

An attacker can bypass restrictions via Other Users Password Change of Samba, in order to escalate his privileges.
Impacted products: Debian, Fedora, IBM i, openSUSE Leap, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 13/03/2018.
Identifiers: CERTFR-2018-AVI-121, CVE-2018-1057, DLA-1754-1, DSA-4135-1, FEDORA-2018-7d0acd608b, FEDORA-2018-c5c651ac44, N1022524, openSUSE-SU-2018:1727-1, SSA:2018-072-02, SUSE-SU-2018:1687-1, Synology-SA-18:14, USN-3595-1, USN-3595-2, VIGILANCE-VUL-25534.

Description of the vulnerability

An attacker can bypass restrictions via Other Users Password Change of Samba, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-1050

Samba: denial of service via Spoolss As External Daemon

Synthesis of the vulnerability

An attacker can generate a fatal error via Spoolss As External Daemon of Samba, in order to trigger a denial of service.
Impacted products: Debian, Fedora, IBM i, Junos Space, openSUSE Leap, Solaris, RHEL, Samba, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 13/03/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-121, CVE-2018-1050, DLA-1320-1, DLA-1754-1, DSA-4135-1, FEDORA-2018-7d0acd608b, FEDORA-2018-c5c651ac44, JSA10917, N1022524, openSUSE-SU-2018:0801-1, RHSA-2018:1860-01, RHSA-2018:1883-01, RHSA-2018:3056-01, SUSE-SU-2018:2321-1, SUSE-SU-2018:2339-1, USN-3595-1, USN-3595-2, VIGILANCE-VUL-25533.

Description of the vulnerability

An attacker can generate a fatal error via Spoolss As External Daemon of Samba, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-15275

Samba: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, openSUSE Leap, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 21/11/2017.
Identifiers: CERTFR-2017-AVI-425, CVE-2017-15275, DLA-1183-1, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24503.

Description of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Samba: