Total vulnerabilities in the database
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
| Software | From | Fixed in |
|---|---|---|
| samba / samba | 3.0.19 | 3.0.19.x |
| samba / samba | 3.0.14a | 3.0.14a.x |
| samba / samba | 3.0.25-pre2 | 3.0.25-pre2.x |
| samba / samba | 3.0.2a | 3.0.2a.x |
| samba / samba | 3.0.21a | 3.0.21a.x |
| samba / samba | 3.0.25-rc1 | 3.0.25-rc1.x |
| samba / samba | 3.0.23 | 3.0.23.x |
| samba / samba | 3.0.20a | 3.0.20a.x |
| samba / samba | 3.0.21b | 3.0.21b.x |
| samba / samba | 3.0.0 | 3.0.0.x |
| samba / samba | 3.0.11 | 3.0.11.x |
| samba / samba | 3.0.13 | 3.0.13.x |
| samba / samba | 3.0.20b | 3.0.20b.x |
| samba / samba | 3.0.16 | 3.0.16.x |
| samba / samba | 3.0.17 | 3.0.17.x |
| samba / samba | 3.0.21 | 3.0.21.x |
| samba / samba | 3.0.14 | 3.0.14.x |
| samba / samba | 3.0.25-pre1 | 3.0.25-pre1.x |
| samba / samba | 3.0.21c | 3.0.21c.x |
| samba / samba | 3.0.23b | 3.0.23b.x |
| samba / samba | 3.0.25-rc3 | 3.0.25-rc3.x |
| samba / samba | 3.0.2 | 3.0.2.x |
| samba / samba | 3.0.12 | 3.0.12.x |
| samba / samba | 3.0.20 | 3.0.20.x |
| samba / samba | 3.0.18 | 3.0.18.x |
| samba / samba | 3.0.24 | 3.0.24.x |
| samba / samba | 3.0.10 | 3.0.10.x |
| samba / samba | 3.0.23d | 3.0.23d.x |
| samba / samba | 3.0.25-rc2 | 3.0.25-rc2.x |
| samba / samba | 3.0.23c | 3.0.23c.x |
| samba / samba | 3.0.15 | 3.0.15.x |
| samba / samba | 3.0.23a | 3.0.23a.x |
| samba / samba | 3.0.1 | 3.0.1.x |
| samba / samba | 3.0.22 | 3.0.22.x |