Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3792-1:C399F
HistoryApr 22, 2024 - 3:05 p.m.

[SECURITY] [DLA 3792-1] samba security update

2024-04-2215:05:00
lists.debian.org
22
samba
vulnerabilities
debian 10

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

8.3

Confidence

Low

EPSS

0.043

Percentile

92.5%

JSON

Debian LTS Advisory DLA-3792-1 [email protected]
https://www.debian.org/lts/security/ Santiago Ruano Rincón
April 22, 2024 https://wiki.debian.org/LTS

Package : samba
Version : 2:4.9.5+dfsg-5+deb10u5
CVE ID : CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 CVE-2022-2127
CVE-2022-3437 CVE-2022-32742 CVE-2023-4091

Several vulnerabilities were discovered in Samba, SMB/CIFS file,
print, and login server for Unix

CVE-2020-14318

Missing handle permissions check in ChangeNotify

CVE-2020-14323

Unprivileged user can crash winbind via invalid lookupsids DoS

CVE-2020-14383

DNS server crash via invalid records resulting from uninitialized
variables

CVE-2022-2127

Out-of-bounds read in winbind AUTH_CRAP

CVE-2022-3437

Heimdal des/des3 heap-based buffer overflow

CVE-2022-32742

Server memory information leak via SMB1

CVE-2023-4091

Client can truncate files even with read-only permissions

For Debian 10 buster, these problems have been fixed in version
2:4.9.5+dfsg-5+deb10u5.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/samba

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian12i386python3-samba-dbgsym< 2:4.17.10+dfsg-0+deb12u1python3-samba-dbgsym_2:4.17.10+dfsg-0+deb12u1_i386.deb
Debian11armhflibkrb5-26-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u2libkrb5-26-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_armhf.deb
Debian11mips64elsamba-common-bin< 2:4.13.13+dfsg-1~deb11u6samba-common-bin_2:4.13.13+dfsg-1~deb11u6_mips64el.deb
Debian9amd64samba-testsuite< 2:4.5.16+dfsg-1+deb9u3samba-testsuite_2:4.5.16+dfsg-1+deb9u3_amd64.deb
Debian11armellibnss-winbind-dbgsym< 2:4.13.13+dfsg-1~deb11u5libnss-winbind-dbgsym_2:4.13.13+dfsg-1~deb11u5_armel.deb
Debian12i386samba-common-bin-dbgsym< 2:4.17.12+dfsg-0+deb12u1samba-common-bin-dbgsym_2:4.17.12+dfsg-0+deb12u1_i386.deb
Debian11mips64elheimdal-kdc< 7.7.0+dfsg-2+deb11u2heimdal-kdc_7.7.0+dfsg-2+deb11u2_mips64el.deb
Debian12armelsamba-dsdb-modules-dbgsym< 2:4.17.12+dfsg-0+deb12u1samba-dsdb-modules-dbgsym_2:4.17.12+dfsg-0+deb12u1_armel.deb
Debian12arm64libldb2< 2:2.6.2+samba4.17.10+dfsg-0+deb12u1libldb2_2:2.6.2+samba4.17.10+dfsg-0+deb12u1_arm64.deb
Debian11amd64heimdal-multidev-dbgsym< 7.7.0+dfsg-2+deb11u2heimdal-multidev-dbgsym_7.7.0+dfsg-2+deb11u2_amd64.deb
Rows per page:
1-10 of 20541

Related

openvas 46
osv 13
nessus 67
freebsd 1
fedora 2
mageia 1
ubuntu 2
suse 4
altlinux 1
gentoo 1
ibm 5
amazon 6
almalinux 2
f5 1
centos 1
rocky 2
oraclelinux 4
redhat 6
debian 2
prion 1
cvelist 1
vulnrichment 3
alpinelinux 3
redhatcve 4
debiancve 3
nvd 4
ubuntucve 3
samba 2
veracode 3
cve 3
cbl_mariner 2
openvas
openvas
Debian: Security Advisory (DLA-3792-1)
2024-04-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3082-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1423)
2021-03-05 00:00:00
osv
osv
samba - security update
2024-04-22 00:00:00
samba vulnerabilities
2020-11-02 13:56:36
samba vulnerabilities
2021-05-03 20:44:00
nessus
nessus
Debian dla-3792 : ctdb - security update
2024-04-23 00:00:00
EulerOS Virtualization 3.0.2.6 : samba (EulerOS-SA-2021-1423)
2021-03-10 00:00:00
Samba 3.6.x < 4.11.15 / 4.12.x < 4.12.9 / 4.13.x < 4.13.1 Multiple Vulnerabilities
2020-11-04 00:00:00
freebsd
freebsd
samba -- Multiple Vulnerabilities
2020-10-29 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: samba-4.12.10-0.fc32
2020-11-10 01:29:57
[SECURITY] Fedora 33 Update: samba-4.13.1-0.fc33
2020-11-03 01:01:17
mageia
mageia
Updated samba packages fix security vulnerabilities
2020-11-10 18:20:00
ubuntu
ubuntu
Samba vulnerabilities
2020-11-02 00:00:00
Samba vulnerabilities
2021-05-03 00:00:00
suse
suse
Security update for samba (important)
2020-11-02 00:00:00
Security update for samba (important)
2020-11-02 00:00:00
Security update for samba (moderate)
2022-08-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.12.9-alt1
2020-10-29 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2020-12-24 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in samba affect IBM Spectrum Scale SMB protocol access method.
2021-01-25 05:03:53
Security Bulletin: Multiple vulnerabilities found in Spectrum Scale affect IBM Cloud Pak System
2021-05-19 17:27:44
Security Bulletin: Samba for IBM i is affected by CVE-2020-14323 and CVE-2020-14318
2020-11-11 20:50:06
amazon
amazon
Medium: samba
2023-11-29 23:18:00
Medium: samba
2023-11-29 22:20:00
Critical: samba
2021-01-05 23:34:00
almalinux
almalinux
Moderate: samba security, bug fix, and enhancement update
2021-05-18 05:44:25
Moderate: samba security and bug fix update
2022-10-25 00:00:00
f5
f5
K93951507 : Multiple Samba vulnerabilities
2021-04-06 00:00:00
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2020-12-18 00:19:11
rocky
rocky
samba security, bug fix, and enhancement update
2021-05-18 05:44:25
samba security and bug fix update
2022-10-25 07:24:06
oraclelinux
oraclelinux
samba security and bug fix update
2020-12-16 00:00:00
samba security, bug fix, and enhancement update
2021-05-25 00:00:00
samba security, bug fix, and enhancement update
2022-11-22 00:00:00
redhat
redhat
(RHSA-2020:5439) Moderate: samba security and bug fix update
2020-12-15 09:01:31
(RHSA-2021:1647) Moderate: samba security, bug fix, and enhancement update
2021-05-18 05:44:25
(RHSA-2021:3723) Moderate: samba security, bug fix and enhancement update
2021-10-05 04:55:51
debian
debian
[SECURITY] [DSA 5647-1] samba security update
2024-03-24 20:22:16
[SECURITY] [DLA 2463-1] samba security update
2020-11-23 03:18:54
prion
prion
Design/Logic Flaw
2020-12-02 01:15:00
cvelist
cvelist
CVE-2020-14383
2020-12-02 00:00:00
vulnrichment
vulnrichment
CVE-2020-14383
2020-12-02 00:00:00
CVE-2020-14318
2020-12-03 00:00:00
CVE-2020-14323
2020-10-29 00:00:00
alpinelinux
alpinelinux
CVE-2020-14323
2020-10-29 20:15:17
CVE-2020-14383
2020-12-02 01:15:12
CVE-2020-14318
2020-12-03 16:15:12
redhatcve
redhatcve
CVE-2020-14383
2020-10-29 11:29:29
CVE-2020-14318
2020-10-29 11:29:24
CVE-2020-14323
2020-10-29 11:29:25
debiancve
debiancve
CVE-2020-14383
2020-12-02 01:15:12
CVE-2022-32742
2022-08-25 18:15:10
CVE-2020-14323
2020-10-29 20:15:17
nvd
nvd
CVE-2020-14383
2020-12-02 01:15:12
CVE-2020-14323
2020-10-29 20:15:17
CVE-2020-14318
2020-12-03 16:15:12
ubuntucve
ubuntucve
CVE-2020-14323
2020-10-29 00:00:00
CVE-2020-14383
2020-10-29 00:00:00
CVE-2022-32742
2022-07-27 00:00:00
samba
samba
Unprivileged user can crash winbind
2020-10-29 00:00:00
An authenticated user can crash the DCE/RPC DNS with
2020-10-29 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-11-09 05:15:44
Information Disclosure
2020-11-09 05:13:20
Information Disclosure
2022-08-04 03:05:51
cve
cve
CVE-2020-14383
2020-12-02 01:15:12
CVE-2022-32742
2022-08-25 18:15:10
CVE-2020-14323
2020-10-29 20:15:17
cbl_mariner
cbl_mariner
CVE-2020-14383 affecting package samba 4.12.5-6
2024-09-30 03:52:42
CVE-2020-14323 affecting package samba 4.12.5-6
2024-09-30 03:52:42

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

8.3

Confidence

Low

EPSS

0.043

Percentile

92.5%

JSON
Related for DEBIAN:DLA-3792-1:C399F
openvas46osv13nessus67freebsd1fedora2mageia1ubuntu2suse4altlinux1gentoo1ibm5amazon6almalinux2f51centos1rocky2oraclelinux4redhat6debian2prion1cvelist1vulnrichment3alpinelinux3redhatcve4debiancve3nvd4ubuntucve3samba2veracode3cve3cbl_mariner2