Samba: Security Vulnerabilities
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
CVSS Score
10.0
EPSS Score
0.596
Published
2004-07-27
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
CVSS Score
5.0
EPSS Score
0.153
Published
2004-07-27
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
CVSS Score
7.2
EPSS Score
0.005
Published
2004-03-15
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
CVSS Score
7.5
EPSS Score
0.021
Published
2004-03-03
jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.
CVSS Score
7.5
EPSS Score
0.01
Published
2004-02-03
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.
CVSS Score
7.5
EPSS Score
0.063
Published
2003-12-31
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
CVSS Score
10.0
EPSS Score
0.068
Published
2003-05-05
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
CVSS Score
10.0
EPSS Score
0.769
Published
2003-05-05
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
CVSS Score
10.0
EPSS Score
0.861
Published
2003-03-31
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
CVSS Score
1.2
EPSS Score
0.003
Published
2003-03-31