1 <!--#include virtual="/samba/header.html" -->
2 <title>Samba - Security Updates and Information</title>
3 <!--#include virtual="header_history.html" -->
5 <h2>Samba Security Releases</h2>
7 <p>Security releases for Samba are listed below by their release
8 date. The previously affected versions of Samba are listed alongside
9 the appropriate security concern. For complete information, follow the
10 link to full release notes for each release.</p>
14 <th colspan="6">Samba Security Releases</th>
16 <td><em>Date Issued</em></td>
17 <td><em>Download</em></td>
18 <td><em>Known Issue(s)</em></td>
19 <td><em>Affected Releases</em></td>
20 <td><em>CVE ID #</em></td>
21 <td><em>Details</em></td>
25 <td>27 August 2008</td>
26 <td><a href="/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-1.patch">
27 patch 1 for Samba 3.2.2</a>
28 <a href="/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-2.patch">
29 patch 2 for Samba 3.2.2</a></td>
30 <td>Wrong permissions of group_mapping.ldb</td>
31 <td>Samba 3.2.0 - 3.2.2</td>
32 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3789">CVE-2008-3789</a></td>
33 <td><a href="/samba/security/CVE-2008-3789.html">Announcement</a></td>
38 <td><a href="/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch">patch for Samba 3.0.29</a></td>
39 <td>Boundary failure when parsing SMB responses</td>
40 <td>Samba 3.0.0 - 3.0.29</td>
41 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105">CVE-2008-1105</a></td>
42 <td><a href="/samba/security/CVE-2008-1105.html">Announcement</a></td>
47 <td><a href="/samba/ftp/patches/security/samba-3.0.27a-CVE-2007-6015.patch">patch for Samba 3.0.27a</a></td>
48 <td>Remote Code Execution in Samba's nmbd (send_mailslot())</td>
49 <td>Samba 3.0.0 - 3.0.27a</td>
50 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015">CVE-2007-6015</a></td>
51 <td><a href="/samba/security/CVE-2007-6015.html">Announcement</a></td>
56 <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-5398.patch">patch for Samba 3.0.26a</a></td>
57 <td>Remote Code Execution in Samba's nmbd</td>
58 <td>Samba 3.0.0 - 3.0.26a</td>
59 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398">CVE-2007-5398</a></td>
60 <td><a href="/samba/security/CVE-2007-5398.html">Announcement</a></td>
65 <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-4572.patch">patch for Samba 3.0.26a</a></td>
66 <td>GETDC mailslot processing buffer overrun in nmbd</td>
67 <td>Samba 3.0.0 - 3.0.26a</td>
68 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572">CVE-2007-4572</a></td>
69 <td><a href="/samba/security/CVE-2007-4572.html">Announcement</a></td>
74 <td><a href="/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch">patch for Samba 3.0.25</a></td>
75 <td>Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin.</td>
76 <td>Samba 3.0.25 - 3.0.25c</td>
77 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138">CVE-2007-4138</a></td>
78 <td><a href="/samba/security/CVE-2007-4138.html">Announcement</a></td>
83 <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2447_v2.patch">patch for Samba 3.0.24</a></td>
84 <td>Remote Command Injection Vulnerability (Updated June 5 to include missing "c" character from INCLUDE list).</td>
85 <td>Samba 3.0.0 - 3.0.25rc3</td>
86 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447">CVE-2007-2447</a></td>
87 <td><a href="/samba/security/CVE-2007-2447.html">Announcement</a></td>
92 <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2446_v2.patch">patch for Samba 3.0.24</a></td>
93 <td>Multiple Heap Overflows Allow Remote Code Execution (Updated May 25 to fix regression in Samba domain controller logon code).</td>
94 <td>Samba 3.0.0 - 3.0.25rc3</td>
95 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446">CVE-2007-2446</a></td>
96 <td><a href="/samba/security/CVE-2007-2446.html">Announcement</a></td>
101 <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2444_v2.patch">patch for Samba 3.0.24</a></td>
102 <td>Local SID/Name translation bug can result in user privilege elevation (Updated May 25 to fix regression in the "force group" parameter).</td>
103 <td>Samba 3.0.23d - 3.0.25pre2</td>
104 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444">CVE-2007-2444</a></td>
105 <td><a href="/samba/security/CVE-2007-2444.html">Announcement</a></td>
110 <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0452.patch">patch for Samba 3.0.23d</a></td>
111 <td>Potential Denial of Service bug in smbd</td>
112 <td>Samba 3.0.6 - 3.0.23d</td>
113 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452">CVE-2007-0452</a></td>
114 <td><a href="/samba/security/CVE-2007-0452.html">Announcement</a></td>
119 <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0453.patch">patch for Samba 3.0.23d</a></td>
120 <td>Buffer overrun in NSS host lookup Winbind library on Solaris</td>
121 <td>Samba 3.0.21 - 3.0.23d</td>
122 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453">CVE-2007-0453</a></td>
123 <td><a href="/samba/security/CVE-2007-0453.html">Announcement</a></td>
128 <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0454.patch">patch for Samba 3.0.23d</a></td>
129 <td>Format string bug in afsacl.so VFS plugin</td>
130 <td>Samba 3.0.6 - 3.0.23d</td>
131 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454">CVE-2007-0454</a></td>
132 <td><a href="/samba/security/CVE-2007-0454.html">Announcement</a></td>
136 <td>10 July 2006</td>
137 <td><a href="/samba/ftp/patches/security/samba-3.0-CVE-2006-3403.patch">patch for Samba 3.0.1 - 3.0.22</a></td>
138 <td>Memory exhaustion DoS against smbd</td>
139 <td>Samba 3.0.1 - 3.0.22</td>
140 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403">CVE-2006-3403</a></td>
141 <td><a href="/samba/security/CVE-2006-3403.html">Announcement</a></td>
146 <td>30 March 2006</td>
147 <td><a href="/samba/ftp/patches/security/samba-3.0.21-CVE-2006-1059.patch">patch for Samba 3.0.21[a-c]</a></td>
148 <td>Exposure of machine account credentials in winbind log files</td>
149 <td>Samba 3.0.21 - 3.0.21c</td>
150 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059">CVE-2006-1059</a></td>
151 <td><a href="/samba/security/CVE-2006-1059.html">Announcement</a></td>
155 <td>16 December 2004</td>
156 <td><a href="/samba/ftp/patches/security/samba-3.0.9-CVE-2004-1154.patch">patch for Samba 3.0.9</a></td>
157 <td>Integer Overflow in security descriptor parsing</td>
158 <td>Samba 2.x, 3.0.x <= 3.0.9</td>
159 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1154">CVE-2004-1154</a></td>
160 <td><a href="/samba/security/CVE-2004-1154.html">Announcement</a></td>
165 <td>15 November 2004</td>
166 <td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0882.patch">patch for <=Samba 3.0.7</a></td>
167 <td>Buffer Overrun in smbd</td>
168 <td>Samba 3.0.x <= 3.0.7</td>
169 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882">CVE-2004-0882</a></td>
170 <td><a href="/samba/security/CVE-2004-0882.html">Announcement</a></td>
174 <td>8 November 2004</td>
175 <td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0930.patch">patch for <=Samba 3.0.7</a></td>
177 <td>Samba 3.0.x <= 3.0.7</td>
178 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0930">CVE-2004-0930</a></td>
179 <td><a href="/samba/security/CVE-2004-0930.html">Announcement</a></td>
183 <td>30 September 2004</td>
184 <td><a href="/samba/ftp/stable/samba-2.2.12.tar.gz">Samba 2.2.12</a> and/or <a href="/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patch">patch for <=Samba 3.0.2a</a></td>
185 <td>Potential arbitrary file access</td>
186 <td>Samba 2.2.x <=2.2.11 and Samba 3.0.x <=3.0.2a</td>
187 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815">CVE-2004-0815</a></td>
188 <td><a href="/samba/security/CVE-2004-0815.html">Announcement</a></td>
193 <td>13 Sept 2004</td>
194 <td><a href="/samba/ftp/patches/security/samba-3.0.5-DoS.patch">3.0.5 patch</a></td>
195 <td>Two DoS bugs; one affecting smbd, the other nmbd.</td>
196 <td>3.0.x <= 3.0.6</td>
197 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0807">CVE-2004-0807</a>, <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0808">CVE-2004-0808</a></td>
198 <td><a href="/samba/security/CVE-2004-0807_CVE-2004-0808.html">Announcement</a></td>
203 <td><a href="/samba/ftp/stable/samba-3.0.5.tar.gz">3.0.5</a></td>
204 <td>Two potential buffer overruns</td>
206 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600">CVE-2004-0600</a>,
207 <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
209 <td><a href="/samba/security/CVE-2004-0600.html">CVE-2004-0600 Announcement</a>
210 <a href="/samba/security/CVE-2004-0686.html">CVE-2004-0686 Announcement</a></td>
215 <td><a href="/samba/ftp/stable/samba-2.2.10.tar.gz">2.2.10</a></td>
216 <td>Buffer overrun in hash mangling method</td>
217 <td>all 2.2 releases</td>
218 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
220 <td><a href="/samba/history/samba-2.2.10.html">release notes</a></td>
225 <td><a href="/samba/ftp/old-versions/samba-3.0.2a.tar.gz">3.0.2a</a></td>
226 <td align="left">Password initialization bug that could grant
227 an attacker unauthorized
228 access to a user account created by the mksmbpasswd.sh shell script.</td>
231 href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0082">CVE-2004-0082</a></td>
232 <td><a href="/samba/security/CVE-2004-0082.html">Announcement</a></td>
237 <td><a href="/samba/ftp/old-versions/samba-2.2.8a.tar.gz">2.2.8a</a></td>
238 <td>Buffer overrun condition in the SMB/CIFS packet fragment
239 re-assembly code.</td>
240 <td>all 2.0 releases and <= 2.2.8</td>
241 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0196">CVE-2003-0196</a>,
242 <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0201">CVE-2003-0201</a></td>
243 <td><a href="/samba/history/samba-2.2.8a.html">release notes</a></td>
248 <td><a href="/samba/ftp/old-versions/samba-2.2.7a.tar.gz">2.2.7a</a></td>
249 <td>Bug in the length checking for encrypted password change
250 requests from clients.</td>
251 <td>2.2.2 - 2.2.6</td>
252 <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0085">CVE-2003-0085</a></td>
253 <td><a href="/samba/history/samba-2.2.7a.html">release notes</a></td>
258 <td><a href="/samba/ftp/old-versions/samba-2.2.0a.tar.gz">2.2.0a</a></td>
259 <td>Bug in expansion of certain smb.conf variables such as
260 %m that could grant an attacker the capability to overwrite arbitrary
261 files on the server. Bug that causes smbd not to honor the hosts allow
262 and deny smb.conf directives.</td>
265 <td><a href="/samba/history/samba-2.2.0a.html">release notes</a></td>
270 <td><a href="/samba/ftp/old-versions/samba-2.0.10.tar.gz">2.0.10</a></td>
271 <td>Bug in the handling of temporary files that allows local
272 users to destroy data on local devices.</td>
275 <td><a href="/samba/history/samba-2.0.10.html">release notes</a></td>
280 <p><em>If you suspect you have discovered a serious security hole in a
281 Samba release, please send an email to <a
282 href="mailto:security@samba.org">security@samba.org</a>.</em></p>
284 <!--#include virtual="footer_history.html" -->