Samba Samba Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Do you want an email whenever new security vulnerabilities are reported in any Samba product?

Products by Samba Sorted by Most Security Vulnerabilities since 2018

Samba56 vulnerabilities

Samba Rsync4 vulnerabilities

Samba Cifs Utils3 vulnerabilities

Samba Volume Service1 vulnerability

By the Year

In 2022 there have been 14 vulnerabilities in Samba with an average score of 7.1 out of ten. Last year Samba had 6 security vulnerabilities published. That is, 8 more vulnerabilities have already been reported in 2022 as compared to last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.18.

Year Vulnerabilities Average Score
2022 14 7.14
2021 6 6.97
2020 13 6.58
2019 13 6.38
2018 14 6.62

It may take a day or so for new Samba vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Samba Security Vulnerabilities

An issue was discovered in rsync before 3.2.5

CVE-2022-29154 7.4 - High - August 02, 2022

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

AuthZ

cifs-utils through 6.14, with verbose logging

CVE-2022-29869 5.3 - Medium - April 28, 2022

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

Exposure of Resource to Wrong Sphere

In cifs-utils through 6.14

CVE-2022-27239 7.8 - High - April 27, 2022

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Memory Corruption

Kerberos acceptors need easy access to stable AD identifiers (eg objectSid)

CVE-2020-25721 8.8 - High - March 16, 2022

Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.

Improper Input Validation

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections

CVE-2021-3738 8.8 - High - March 02, 2022

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access.

Dangling pointer

A flaw was found in the way samba implemented DCE/RPC

CVE-2021-23192 7.5 - High - March 02, 2022

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition

CVE-2021-44141 4.3 - Medium - February 21, 2022

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

insecure temporary file

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "

CVE-2021-44142 8.8 - High - February 21, 2022

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Out-of-bounds Read

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller)

CVE-2020-25718 8.8 - High - February 18, 2022

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.

Incorrect Permission Assignment for Critical Resource

A flaw was found in the way Samba maps domain users to local users

CVE-2020-25717 8.1 - High - February 18, 2022

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

Improper Input Validation

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication

CVE-2020-25719 7.2 - High - February 18, 2022

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

authentification

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data

CVE-2020-25722 8.8 - High - February 18, 2022

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.

AuthZ

A flaw was found in the way samba implemented SMB1 authentication

CVE-2016-2124 5.9 - Medium - February 18, 2022

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

authentification

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to

CVE-2021-43566 2.5 - Low - January 11, 2022

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.

Race Condition

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request)

CVE-2021-3671 6.5 - Medium - October 12, 2021

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.

NULL Pointer Dereference

A flaw was found in rsync in versions since 3.2.0pre1

CVE-2020-14387 7.4 - High - May 27, 2021

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.

Improper Validation of Certificate with Host Mismatch

A flaw was found in samba

CVE-2020-27840 7.5 - High - May 12, 2021

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.

Out-of-bounds Read

A flaw was found in Samba's libldb

CVE-2021-20277 7.5 - High - May 12, 2021

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

Memory Corruption

A flaw was found in samba

CVE-2021-20254 6.8 - Medium - May 05, 2021

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

Out-of-bounds Read

A flaw was found in cifs-utils in versions before 6.13

CVE-2021-20208 6.1 - Medium - April 19, 2021

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

Improper Privilege Management

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.