Search CVE reports
11 – 20 of 187 results
CVE-2023-3347
Medium priorityA vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-2127
Medium prioritySome fixes available 7 of 10
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-0922
Medium prioritySome fixes available 7 of 10
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2023-0614
Medium prioritySome fixes available 9 of 15
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
2 affected packages
ldb, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ldb | Not in release | Fixed | Fixed | Vulnerable | Vulnerable |
samba | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2023-0225
Medium priorityA flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | — | Not affected | Not affected | Not affected | Not affected |
CVE-2018-14628
Low prioritySome fixes available 2 of 10
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2022-3592
Medium priorityA symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-42898
Medium prioritySome fixes available 13 of 22
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which...
3 affected packages
heimdal, krb5, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | Vulnerable | Vulnerable | Fixed | Fixed | Fixed |
krb5 | Not affected | Fixed | Fixed | Fixed | Fixed |
samba | Not affected | Fixed | Fixed | Vulnerable | Needs evaluation |
CVE-2022-44640
Medium prioritySome fixes available 4 of 10
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
2 affected packages
heimdal, samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | Vulnerable | Vulnerable | Fixed | Fixed | Fixed |
samba | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-45141
Medium prioritySome fixes available 2 of 4
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Not affected | Fixed | Fixed | Vulnerable | Needs evaluation |