HP Security Bulletin HPSBUX03574 1 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause access restriction bypass, authentication bypass, Denial of Service (DoS), unauthorized access to files, access restriction bypass, or unauthorized information disclosure. Revision 1 of this advisory.
3425ca46ec9693308573785c2ac516d648f5b8e32172b2e8f2ba16ba7c8482b9
Gentoo Linux Security Advisory 201502-15 - Multiple vulnerabilities have been found in Samba, the worst of which allowing a context-dependent attacker to bypass intended file restrictions, cause a Denial of Service or execute arbitrary code. Versions less than 3.6.25 are affected.
606c956ce8f163cd743c45062fd6201fce247d72cbe7bc650aed2d2440e1861b
Red Hat Security Advisory 2014-0009-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges.
9153c8aeb19a4ad7c3bbc309c720fa69bb6d3177dc1120458ca05236e6c48a4a
Ubuntu Security Notice 2054-1 - It was discovered that Winbind incorrectly handled invalid group names with the require_membership_of parameter. If an administrator used an invalid group name by mistake, access was granted instead of having the login fail. Stefan Metzmacher and Michael Adam discovered that Samba incorrectly handled DCE-RPC fragment length fields. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as the root user. Various other issues were also addressed.
37f80d54fa555acc23ea6eff4a37a7ea3dc8c6b393c21df3b217c7cb111faf5f
Red Hat Security Advisory 2013-1806-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges.
776f5e06aa1d59689b658d1881b9e89a5fcea991a6537bc63833095590381b35
Debian Linux Security Advisory 2812-1 - Two security issues were found in Samba, a SMB/CIFS file, print, and login server.
f999b212f4fc13361aae0ea94817b1f46dc2584eaa0f151337c38c12cae08445
Mandriva Linux Security Advisory 2013-278 - Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream. The updated packages has been upgraded to the 3.6.20 version which resolves various upstream bugs and is not vulnerable to this issue.
b31f82e0966c17284644296fbef37274eca0094d10a4659c90eb51bbaec2833c
Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Related CVE Numbers: CVE-2013-4475,CVE-2013-4476.
6077253fad54c06ed812c11cc13d9cb3628acec4c093751ec33306900bdd44f0