Displaying 20 results from an estimated 2000 matches similar to: "Samba Security Announcement -- Potential Arbitrary File Access"
2004 Sep 30
0
Samba Security Announcement -- Potential Arbitrary File Access
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Subject: Potential Arbitrary File Access
Affected
Versions: Samba 2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.5
Summary: A remote attacker may be able to gain access
to files which exist outside of the share's
defined path. Such files must still be readable
by the account used for the connection.
Patch Availability
- ------------------
2004 Oct 05
0
ERRATA: Potential Arbitrary File Access (CAN-2004-0815)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ERRATA
- ------
The original announcement for the Samba vulnerability identified
by CAN-2004-0815 reported that Samba versions 3.0.0 - 3.0.5
inclusive were subject to the remote file access bug. Later research
has confirmed that *only* Samba 3.0.x <= 3.0.2a contains the
exploitable code.
The Samba Team expresses sincere apologies for any confusion
2004 Oct 05
0
ERRATA: Potential Arbitrary File Access (CAN-2004-0815)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ERRATA
- ------
The original announcement for the Samba vulnerability identified
by CAN-2004-0815 reported that Samba versions 3.0.0 - 3.0.5
inclusive were subject to the remote file access bug. Later research
has confirmed that *only* Samba 3.0.x <= 3.0.2a contains the
exploitable code.
The Samba Team expresses sincere apologies for any confusion
2004 Nov 08
0
[SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Subject: Potential Remote Denial of Service
CVE #: CAN-2004-0930
Affected
Versions: Samba 3.0.x <= 3.0.7
Summary: A remote attacker could cause an smbd process
to consume abnormal amounts of system resources
due to an input validation error when matching
filenames containing wildcard characters.
Patch Availability
- ------------------
A
2004 Sep 30
0
SECURITY: Samba 2.2.12 Available for Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
######################## SECURITY RELEASE ########################
Summary: Potential Arbitrary File Access
Summary: A remote attacker may be able to gain access
to files which exist outside of the share's
defined path. Such files must still be readable
by the account used for the connection.
CVE ID: CAN-2004-0815
2004 Sep 30
0
SECURITY: Samba 2.2.12 Available for Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
######################## SECURITY RELEASE ########################
Summary: Potential Arbitrary File Access
Summary: A remote attacker may be able to gain access
to files which exist outside of the share's
defined path. Such files must still be readable
by the account used for the connection.
CVE ID: CAN-2004-0815
2004 Sep 13
0
Samba 3.0 DoS Vulnerabilities (CAN-2004-0807 & CAN-2004-0808)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Subject: Samba 3.0.x Denial of Service Flaw
Summary: (i) A DoS bug in smbd may allow an
unauthenticated user to cause smbd to
spawn new processes each one entering
an infinite loop. After sending a sufficient
amount of packets it is possible to exhaust
the memory resources on the server.
(ii) A DoS bug in nmbd may allow an attacker
to
2004 Sep 13
0
Samba 3.0 DoS Vulnerabilities (CAN-2004-0807 & CAN-2004-0808)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Subject: Samba 3.0.x Denial of Service Flaw
Summary: (i) A DoS bug in smbd may allow an
unauthenticated user to cause smbd to
spawn new processes each one entering
an infinite loop. After sending a sufficient
amount of packets it is possible to exhaust
the memory resources on the server.
(ii) A DoS bug in nmbd may allow an attacker
to
2007 May 14
0
[SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Remote Command Injection Vulnerability
== CVE ID#: CVE-2007-2447
==
== Versions: Samba 3.0.0 - 3.0.25rc3 (inclusive)
==
== Summary: Unescaped user input parameters are passed
== as arguments to /bin/sh allowing for remote
== command execution
2004 Dec 16
1
CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Possible remote code execution
== CVE ID#: CAN-2004-1154
==
== Versions: Samba 2.x & 3.0.x <= 3.0.9
==
== Summary: A potential integer overflow when
== unmarshalling specific MS-RPC requests
== from clients could lead to heap
== corruption and remote code execution.
2004 Dec 16
0
CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Possible remote code execution
== CVE ID#: CAN-2004-1154
==
== Versions: Samba 2.x & 3.0.x <= 3.0.9
==
== Summary: A potential integer overflow when
== unmarshalling specific MS-RPC requests
== from clients could lead to heap
== corruption and remote code execution.
2009 Jun 29
0
Lots of "smbd/vfs.c:reduce_name(985)" in log.smbd
Hi.
I subscribed just now to the mailing list, but I've been using a Samba file
server (PDC) on Debian for about 2.5 years now. Users are almost all WinXP
SP3.
No users are complaining but since I changed everything to one share with
group permission on underlying directories I see a lot of errors in
log.smbd. Does anyone know what the log message exactly means?
I guess it has something to
2008 Aug 21
0
Group member can not delete files - only dir (775) owner can
Hi there,
I have a problem I can not solve myself.
I have samba 3.0.28 installed on an Ubuntu 8.0.4 server.
Samba is a member of AD. Authentication is kerberos, user- / group ids are
handled by nis (Windows 2008 SFU / NIS Server).
My Samba config:
[global]
write list = admin,rado,@Administratoren
deny hosts = 0.0.0.0/0.0.0.0
client schannel = No
allow hosts = localhost,
2011 May 11
0
Problem with listing a share
Hi,
I have a strange problem listing a share with, e.g.
# ls -al /path/to/share
I have a samba-client-3.5.4-68.el6_0.2.x86_64 on a Scientific Linux 6
(as a virtual machine - if it matters) and a samba-3.0.33-0.30.el4
server on a RHEL4. When I try the listed command I get the following in
the server's logfile (on log level = 3):
[2011/04/29 16:29:39, 3, effective(0, 0), real(0, 0)]
2004 Feb 18
2
is this mbuf problem real?
BM_207650
MEDIUM
Vulnerability
Version: 1 2/18/2004@03:47:29 GMT
Initial report
<https://ialert.idefense.com/KODetails.jhtml?irId=207650>
ID#207650:
FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
(iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS)
vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers
to launch a DoS attack.
2005 Jun 09
0
read-only file problem
Hi,
I have a little problem:
Some users have a problem with files being in read-only mode.
But all unix acl and posix acl are correct:
ls -l
drwxrwx---+ 19 root Utilisateurs 4096 jun 9 11:33 STEPHANE
-rwxrwx---+ 1 root Utilisateurs 1027584 jun 7 14:33 dossier fraise.ppt
getfacl: Removing leading '/' from absolute path names
# file:
2003 Apr 08
0
[labs@idefense.com: iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x]
FYI
-------------- next part --------------
An embedded message was scrubbed...
From: "iDEFENSE Labs" <labs@idefense.com>
Subject: iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP
Server 2.x
Date: Tue, 8 Apr 2003 12:44:39 -0400
Size: 4554
Url: http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030408/43598086/attachment.eml
2004 Nov 27
0
Samba 3.x problem setting up DFS and XP2
Hi,
I tried running Samba 3.0.9 with MSDFS under Linux 2.6.9.
The normal sharing of directories to the target server (also Samba with
the same version and Linux) runs without problems.
Only the dfs-share to the same Samba server is not usable. The
share name itself is visible but without content.
I have compiled the new source with the "--with-msdfs" switch and have
also checked the
2004 Oct 29
1
Directory perms not visible from Properties|Security on clients
Samba 3.0.7, XP Pro SP1 clients
When I view the "Properties|Security" tab on a folder from my XP SP1
clients, the checkboxes indicating the various permission settings are
all empty.
The share is functioning fine otherwise, permissions are OK when
inspected from the Unix side.
Does anyone know a work around (or fix!)?
This came up back in 2003, without resolution:
2008 Oct 03
1
Problems with Share Modes "fill_share_mode_lock failed"
Hi, my details:
Server: 3.2.3
Client: win2k8
When I try to list the contents of a shared directory through an ASP script
(win2k8 is the client), it takes much time and on samba I saw many
times (4 times for each file) the same error: "fill_share_mode_lock
failed"
I tried "shares mode = No" but no success
This is the log:
...:49, 3]