Vulnerabilities
Vulnerable Software
Samba:  >> Samba  Security Vulnerabilities
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
CVSS Score
1.2
EPSS Score
0.005
Published
2003-03-31
Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.
CVSS Score
7.5
EPSS Score
0.067
Published
2002-12-31
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.
CVSS Score
10.0
EPSS Score
0.519
Published
2002-12-11
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
CVSS Score
2.1
EPSS Score
0.011
Published
2001-07-02
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
CVSS Score
10.0
EPSS Score
0.12
Published
2001-06-23
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
CVSS Score
7.2
EPSS Score
0.013
Published
2000-12-19
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
CVSS Score
2.1
EPSS Score
0.011
Published
2000-12-19
Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.
CVSS Score
7.5
EPSS Score
0.077
Published
2000-12-19
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.
CVSS Score
5.0
EPSS Score
0.023
Published
2000-12-19
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart.
CVSS Score
5.0
EPSS Score
0.015
Published
2000-12-19


Contact Us

Shodan ® - All rights reserved