Search Results (249 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1059 1 Samba 1 Samba 2026-04-16 N/A
The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.
CVE-2002-2196 1 Samba 1 Samba 2026-04-16 N/A
Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.
CVE-2004-0686 3 Redhat, Samba, Trustix 3 Enterprise Linux, Samba, Secure Linux 2026-04-16 N/A
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
CVE-2003-0086 2 Redhat, Samba 3 Enterprise Linux, Linux, Samba 2026-04-16 N/A
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
CVE-2004-0815 2 Redhat, Samba 2 Enterprise Linux, Samba 2026-04-16 N/A
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.
CVE-2001-1162 3 Hp, Redhat, Samba 3 Cifs-9000 Server, Linux, Samba 2026-04-16 N/A
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
CVE-2002-1318 4 Hp, Redhat, Samba and 1 more 4 Cifs-9000 Server, Linux, Samba and 1 more 2026-04-16 N/A
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.
CVE-2006-3403 2 Redhat, Samba 2 Enterprise Linux, Samba 2026-04-16 N/A
The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
CVE-2003-0085 3 Hp, Redhat, Samba 4 Cifs-9000 Server, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
CVE-2004-0808 2 Redhat, Samba 2 Enterprise Linux, Samba 2026-04-16 N/A
The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.
CVE-2004-1154 4 Redhat, Samba, Suse and 1 more 5 Enterprise Linux, Fedora Core, Samba and 2 more 2026-04-16 N/A
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
CVE-2000-0935 1 Samba 1 Samba 2026-04-16 N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
CVE-1999-0811 1 Samba 1 Samba 2026-04-16 N/A
Buffer overflow in Samba smbd program via a malformed message command.
CVE-2004-0882 4 Conectiva, Redhat, Samba and 1 more 7 Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more 2026-04-16 N/A
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
CVE-2004-2546 2 Samba, Trustix 2 Samba, Secure Linux 2026-04-16 N/A
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
CVE-2004-2687 2 Apple, Samba 2 Xcode, Samba 2026-04-16 N/A
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
CVE-2004-0829 1 Samba 1 Samba 2026-04-16 N/A
smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.
CVE-1999-1288 4 Caldera, Redhat, Samba and 1 more 4 Openlinux, Linux, Samba and 1 more 2026-04-16 N/A
Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.
CVE-2020-1472 9 Canonical, Debian, Fedoraproject and 6 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2026-02-23 5.5 Medium
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
CVE-2023-3961 3 Fedoraproject, Redhat, Samba 7 Fedora, Enterprise Linux, Enterprise Linux Eus and 4 more 2025-11-20 9.1 Critical
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.