Jeremy Allison

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba versions 4.0.0 and later **Description** The issue is related to a denial of service attack when the RPC spoolss service is configured to run as an external daemon. Missing input sanitization checks on some input parameters to spoolss RPC calls could cause the print spooler service to crash, allowing a remote attacker to disrupt the service. This is due to the lack of input validation for certain parameters in the spoolss RPC calls. **Recommendations** For Samba versions 4.0.0 and later, consider disabling the RPC spoolss service or restricting its use as an external daemon until a fix is available. As a temporary workaround, restrict access to the spoolss RPC calls to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samba versions 3.x through 4.1.22 Samba versions 4.2.x through 4.2.8 Samba versions 4.3.x through 4.3.5 Samba versions 4.4.x through 4.4.0rc3 **Description** The issue is related to the implementation of SMB1 in the smbd component of the Samba file system, which is associated with inadequate access control. This allows remote authenticated users to modify arbitrary access control lists (ACLs) by utilizing a UNIX SMB1 call to create a symbolic link, and then using a non-UNIX SMB1 call to write to the ACL content. **Recommendations** For Samba versions 3.x, update to version 4.1.23 or later. For Samba versions 4.2.x, update to version 4.2.9 or later. For Samba versions 4.3.x, update to version 4.3.6 or later. For Samba versions 4.4.x, update to version 4.4.0rc4 or later.

**Name of the Vulnerable Software and Affected Versions** Samba versions prior to 3.3.11 Samba versions 3.4.x prior to 3.4.6 Samba versions 3.5.x prior to 3.5.0rc3 **Description** The default configuration of smbd in Samba allows remote authenticated users to access arbitrary files by leveraging a directory traversal issue. This is achieved by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. **Recommendations** For Samba versions prior to 3.3.11, update to version 3.3.11 or later. For Samba versions 3.4.x prior to 3.4.6, update to version 3.4.6 or later. For Samba versions 3.5.x prior to 3.5.0rc3, update to version 3.5.0rc3 or later.

Name of the Vulnerable Software and Affected Versions: Samba versions 3.0.x through 3.0.34 Samba versions 3.1.x through 3.2.12 Samba versions 3.3.x through 3.3.5 Description: The issue allows remote attackers to modify access control lists for files. This is related to read access to uninitialized memory when dos filemode is enabled. Recommendations: For Samba versions 3.0.x through 3.0.34, update to version 3.0.35 or later. For Samba versions 3.1.x through 3.2.12, update to version 3.2.13 or later. For Samba versions 3.3.x through 3.3.5, update to version 3.3.6 or later.

Name of the Vulnerable Software and Affected Versions: Samba versions 3.2.0 through 3.2.12 Description: The issue is related to multiple format string vulnerabilities in the client/client.c file of smbclient. These vulnerabilities might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. Recommendations: For Samba versions 3.2.0 through 3.2.12, update to a version outside of this range to mitigate the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue is related to a buffer overflow in the SMB capability, which can be exploited by remote attackers. This can lead to a denial of service and potentially allow the execution of arbitrary code. The attack is carried out via an SMB packet that specifies a smaller buffer length than is required. Recommendations: For Microsoft Windows XP, 2000, and NT, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.