FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- multiple vulnerabilities

Affected packages
samba46 <= 4.6.16
samba47 <= 4.7.12
samba48 < 4.8.12
samba49 < 4.9.8
samba410 < 4.10.3

Details

VuXML ID 793a0072-7822-11e9-81e2-005056a311d1
Discovery 2019-05-14
Entry 2019-05-14

The samba project reports:

The checksum validation in the S4U2Self handler in the embedded Heimdal KDC did not first confirm that the checksum was keyed, allowing replacement of the requested target (client) principal

[source]

Authenticated users with write permission can trigger a symlink traversal to write or detect files outside the Samba share.

[source]

References

CVE Name CVE-2018-16860
CVE Name CVE-2019-3880
URL https://www.samba.org/samba/security/CVE-2018-16860.html
URL https://www.samba.org/samba/security/CVE-2019-3880.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.