#samba

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Organizations can defend themselves from future unknows attacks by implementing targeted security hardening measures, turning on built-in security protections, and leveraging existing technology stack to achieve microsegmentation and credential hygiene.

Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service.

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

Microsoft to support scenarios where users authenticate via Kerberos to one system and information needs to be updated on another system implemented unconstrained delegation. This… Continue reading → Unconstrained Delegation

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.