Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-4314

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-01 Dec, 2008 | 15:00
Updated At-07 Aug, 2024 | 10:08
Rejected At-
Credits

smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:01 Dec, 2008 | 15:00
Updated At:07 Aug, 2024 | 10:08
Rejected At:
▼CVE Numbering Authority (CNA)

smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/32494
vdb-entry
x_refsource_BID
http://secunia.com/advisories/32951
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/32919
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/36281
third-party-advisory
x_refsource_SECUNIA
http://osvdb.org/50230
vdb-entry
x_refsource_OSVDB
http://marc.info/?l=bugtraq&m=125003356619515&w=2
vendor-advisory
x_refsource_HP
http://www.ubuntu.com/usn/USN-680-1
vendor-advisory
x_refsource_UBUNTU
http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1
vendor-advisory
x_refsource_SUNALERT
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
vendor-advisory
x_refsource_SUSE
http://marc.info/?l=bugtraq&m=125003356619515&w=2
vendor-advisory
x_refsource_HP
http://www.securitytracker.com/id?1021287
vdb-entry
x_refsource_SECTRACK
http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html
vendor-advisory
x_refsource_FEDORA
http://www.vupen.com/english/advisories/2008/3277
vdb-entry
x_refsource_VUPEN
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684
vendor-advisory
x_refsource_SLACKWARE
http://us1.samba.org/samba/security/CVE-2008-4314.html
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/2245
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/32968
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/0067
vdb-entry
x_refsource_VUPEN
http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html
vendor-advisory
x_refsource_FEDORA
http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch
x_refsource_CONFIRM
http://secunia.com/advisories/32813
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/32494
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/32951
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/32919
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/36281
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://osvdb.org/50230
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://marc.info/?l=bugtraq&m=125003356619515&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.ubuntu.com/usn/USN-680-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://marc.info/?l=bugtraq&m=125003356619515&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securitytracker.com/id?1021287
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.vupen.com/english/advisories/2008/3277
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://us1.samba.org/samba/security/CVE-2008-4314.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2009/2245
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/32968
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/0067
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/32813
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/32494
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/32951
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/32919
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/36281
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://osvdb.org/50230
vdb-entry
x_refsource_OSVDB
x_transferred
http://marc.info/?l=bugtraq&m=125003356619515&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.ubuntu.com/usn/USN-680-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://marc.info/?l=bugtraq&m=125003356619515&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.securitytracker.com/id?1021287
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.vupen.com/english/advisories/2008/3277
vdb-entry
x_refsource_VUPEN
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://us1.samba.org/samba/security/CVE-2008-4314.html
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2009/2245
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/32968
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/0067
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/32813
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/32494
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/32951
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/32919
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/36281
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://osvdb.org/50230
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=125003356619515&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-680-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=125003356619515&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securitytracker.com/id?1021287
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/3277
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://us1.samba.org/samba/security/CVE-2008-4314.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/2245
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/32968
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/0067
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/32813
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:01 Dec, 2008 | 15:30
Updated At:08 Mar, 2011 | 03:12

smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.08.5HIGH
AV:N/AC:L/Au:N/C:C/I:N/A:P
Type: Primary
Version: 2.0
Base score: 8.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:P
CPE Matches
Samba
samba
>>samba>>3.0.29
cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*
Samba
samba
>>samba>>3.0.30
cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*
Samba
samba
>>samba>>3.0.31
cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*
Samba
samba
>>samba>>3.0.32
cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*
Samba
samba
>>samba>>3.0.33
cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*
Samba
samba
>>samba>>3.2.0
cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*
Samba
samba
>>samba>>3.2.1
cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*
Samba
samba
>>samba>>3.2.2
cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*
Samba
samba
>>samba>>3.2.3
cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*
Samba
samba
>>samba>>3.2.4
cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2008-12-01T00:00:00

Not vulnerable. This issue did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.htmlsecalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=125003356619515&w=2secalert@redhat.com
N/A
http://osvdb.org/50230secalert@redhat.com
N/A
http://secunia.com/advisories/32813secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/32919secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/32951secalert@redhat.com
N/A
http://secunia.com/advisories/32968secalert@redhat.com
N/A
http://secunia.com/advisories/36281secalert@redhat.com
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684secalert@redhat.com
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1secalert@redhat.com
N/A
http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patchsecalert@redhat.com
N/A
http://us1.samba.org/samba/security/CVE-2008-4314.htmlsecalert@redhat.com
N/A
http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.htmlsecalert@redhat.com
N/A
http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/32494secalert@redhat.com
N/A
http://www.securitytracker.com/id?1021287secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-680-1secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/3277secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2009/0067secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2009/2245secalert@redhat.com
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=125003356619515&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/50230
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/32813
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32919
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32951
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/32968
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/36281
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://us1.samba.org/samba/security/CVE-2008-4314.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/32494
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1021287
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-680-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/3277
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/0067
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/2245
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

9Records found
CVE-2023-0614
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.7||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-03 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

Action-Not Available
Vendor-n/aSamba
Product-sambaSamba
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2017-12163
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.1||MEDIUM
EPSS-27.33% / 96.22%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 16:00
Updated-05 Aug, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Action-Not Available
Vendor-Debian GNU/LinuxSambaRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxsambaenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopgluster_storageSamba
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5330
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.16%
||
7 Day CHG~0.00%
Published-29 Dec, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.

Action-Not Available
Vendor-n/aSamba
Product-samban/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5299
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-9.10% / 92.33%
||
7 Day CHG~0.00%
Published-29 Dec, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.

Action-Not Available
Vendor-n/aSambaDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxubuntu_linuxsamban/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-3800
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-05 Aug, 2019 | 16:38
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CF CLI writes the client id and secret to config file

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

Action-Not Available
Vendor-solaceappdynamicsnewrelicsynopsysyugabyteanyninesapigeepagerdutywavefrontsnykbluemedoradatadoghqsumologicdatastaxsignalsciencescontrastsecuritycyberarkdynatraceriverbedSplunk LLC (Cisco Systems, Inc.)TIBCO (Cloud Software Group, Inc.)IBM CorporationCloud FoundryGoogle LLCVMware (Broadcom Inc.)SambaMicrosoft CorporationForgeRock, Inc.
Product-single_sign-onedge_service_brokercloud_foundry_command_line_interfaceenterprise_service_brokerbusinessworks_buildpacklogmeservice_brokercloud_foundry_autoscaling_releaseconjur_service_brokerdb_enterpriseseeker_iast_service_brokerapplication_servicecloud_foundry_log_cache_releasemongodbgoogle_cloud_platform_service_brokercloud_foundry_command_line_interface_releasesteelcentral_appinternalscloud_foundry_deployment_concourse_tasksapplication_monitoringpostgresqlcloud_foundry_networking_releaseon_demand_service_brokercloud_foundry_deploymentpivotal_cloud_foundry_service_brokercloud_foundry_event_alertspubsub\+rabbitmqdotnet_extension_buildpackwavefront_by_vmware_nozzlecloud_foundry_healthwatchnozzleazure_log_analytics_nozzlerediselasticsearchapplication_performance_monitoringcloud_foundry_routing_releasecloud_foundry_smoke_testwebsphere_liberty_volume_servicemetric_registrar_releasecloud_foundry_notificationsapplication_analyticscredhub_service_broker_for_pcfplatform_montioringazure_service_brokermysqlCF CLICF CLI Release
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-0817
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.86% / 85.72%
||
7 Day CHG~0.00%
Published-30 Jan, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.

Action-Not Available
Vendor-n/aSamba
Product-samban/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-10919
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.60% / 85.05%
||
7 Day CHG~0.00%
Published-22 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxSamba
Product-ubuntu_linuxdebian_linuxsambasamba
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-44141
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.51%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 00:00
Updated-04 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

Action-Not Available
Vendor-n/aSambaFedora ProjectRed Hat, Inc.
Product-storagefedorasambaSamba
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-32742
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.92%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

Action-Not Available
Vendor-n/aSamba
Product-sambasamba
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Details not found