Security releases for Samba are listed below by release date, newest first. The affected versions of Samba are listed alongside the corresponding security issue. For complete information, follow the link to the full release notes or announcement for each release.
Samba Security Releases

Date Issued | Download | Known Issue(s) | Affected Releases | CVE ID # | Details |
---|---|---|---|---|---|
15 Jan 2013 | patch for Samba 4.0.0 | Samba 4.0 as an AD DC may provide authenticated users with write access to LDAP directory objects. | 4.0.0 | CVE-2013-0172 | Announcement |
30 Apr 2012 | patch for Samba 3.4.16 patch for Samba 3.5.14 patch for Samba 3.6.4 | Incorrect permission checks when granting/removing privileges can compromise file server security. | 3.4.x-3.6.4 | CVE-2012-2111 | Announcement |
10 Apr 2012 | patch for Samba 3.0.37 patch for Samba 3.2.15 patch for Samba 3.3.16 patch for Samba 3.4.15 patch for Samba 3.5.13 patch for Samba 3.6.3 | "root" credential remote code execution | all current releases | CVE-2012-1182 | Announcement |
23 Feb 2012 | patch for Samba 3.0 patch for Samba 3.2 patch for Samba 3.3 | Remote code execution vulnerability in smbd | pre-3.4 | CVE-2012-0870 | Announcement |
29 Jan 2012 | patch for Samba 3.6.2 | Memory leak/Denial of service | 3.6.0-3.6.2 | CVE-2012-0817 | Announcement |
26 Jul 2011 | patch for Samba 3.3.15 patch for Samba 3.4.13 patch for Samba 3.5.9 | Cross-Site Request Forgery in SWAT | all current releases | CVE-2011-2522 | Announcement |
26 Jul 2011 | patch for Samba 3.3.15 patch for Samba 3.4.13 patch for Samba 3.5.9 | Cross-Site Scripting vulnerability in SWAT | all current releases | CVE-2011-2694 | Announcement |
18 Feb 2011 | patch for Samba 3.3.14 patch for Samba 3.4.11 patch for Samba 3.5.6 | Denial of service - memory corruption | all current releases | CVE-2011-0719 | Announcement |
14 Sep 2010 | patch for Samba 3.3.13 patch for Samba 3.4.8 patch for Samba 3.5.4 | Buffer Overrun Vulnerability | all current releases | CVE-2010-3069 | Announcement |
16 Jun 2010 | patch for Samba 3.3.12 and 3.2.15 patch for Samba 3.0.37 | Memory Corruption Vulnerability | 3.0.x, 3.2.x, 3.3.0-3.3.12 | CVE-2010-2063 | Announcement |
08 Mar 2010 | patch for Samba 3.5.0 patch for Samba 3.4.6 patch for Samba 3.3.11 | Permission ignored | 3.3.11, 3.4.6, 3.5.0 | CVE-2010-0728 | Announcement |
02 Feb 2010 | not available | Change parameter "wide links" to default to "no" | pre-3.4.6 | CVE-2010-0926 | Announcement |
01 Oct 2009 | patch 1 for Samba 3.4.1 patch 2 for Samba 3.4.1 patch 1 for Samba 3.3.7 patch 2 for Samba 3.3.7 patch 1 for Samba 3.2.14 patch 2 for Samba 3.2.14 patch 1 for Samba 3.0.36 patch 2 for Samba 3.0.36 | Information disclosure by setuid mount.cifs | all releases | CVE-2009-2948 | Announcement |
01 Oct 2009 | patch for Samba 3.4.1 patch for Samba 3.3.7 patch for Samba 3.2.14 patch for Samba 3.0.36 | Remote DoS against smbd on authenticated connections | all releases | CVE-2009-2906 | Announcement |
01 Oct 2009 | patch for Samba 3.4.1 patch for Samba 3.3.7 patch for Samba 3.2.14 patch for Samba 3.0.36 | Misconfigured /etc/passwd file may share folders unexpectedly | > 3.0.11 | CVE-2009-2813 | Announcement |
23 Jun 2009 | patch for Samba 3.3.5 patch for Samba 3.2.12 patch for Samba 3.0.34 | Uninitialized read of a data value | Samba 3.0.31 - 3.3.5 | CVE-2009-1888 | Announcement |
23 Jun 2009 | patch for Samba 3.2.12 | Formatstring vulnerability in smbclient | Samba 3.2.0 - 3.2.12 | CVE-2009-1886 | Announcement |
05 Jan 2009 | patch for Samba 3.2.6 | Potential access to "/" in setups with registry shares enabled | Samba 3.2.0 - 3.2.6 | CVE-2009-0022 | Announcement |
27 Nov 2008 | patch for Samba 3.0.32 patch for Samba 3.2.4 | Potential leak of arbitrary memory contents | Samba 3.0.29 - 3.2.4 | CVE-2008-4314 | Announcement |
27 Aug 2008 | patch 1 for Samba 3.2.2 patch 2 for Samba 3.2.2 | Wrong permissions of group_mapping.ldb | Samba 3.2.0 - 3.2.2 | CVE-2008-3789 | Announcement |
29 May 2008 | patch for Samba 3.0.29 | Boundary failure when parsing SMB responses | Samba 3.0.0 - 3.0.29 | CVE-2008-1105 | Announcement |
10 Dec 2007 | patch for Samba 3.0.27a | Remote Code Execution in Samba's nmbd (send_mailslot()) | Samba 3.0.0 - 3.0.27a | CVE-2007-6015 | Announcement |
15 Nov 2007 | patch for Samba 3.0.26a | Remote Code Execution in Samba's nmbd | Samba 3.0.0 - 3.0.26a | CVE-2007-5398 | Announcement |
15 Nov 2007 | patch for Samba 3.0.26a | GETDC mailslot processing buffer overrun in nmbd | Samba 3.0.0 - 3.0.26a | CVE-2007-4572 | Announcement |
11 Sep 2007 | patch for Samba 3.0.25 | Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin. | Samba 3.0.25 - 3.0.25c | CVE-2007-4138 | Announcement |
14 May 2007 | patch for Samba 3.0.24 | Remote Command Injection Vulnerability (Updated June 5 to include missing "c" character from INCLUDE list). | Samba 3.0.0 - 3.0.25rc3 | CVE-2007-2447 | Announcement |
14 May 2007 | patch for Samba 3.0.24 | Multiple Heap Overflows Allow Remote Code Execution (Updated May 25 to fix regression in Samba domain controller logon code). | Samba 3.0.0 - 3.0.25rc3 | CVE-2007-2446 | Announcement |
14 May 2007 | patch for Samba 3.0.24 | Local SID/Name translation bug can result in user privilege elevation (Updated May 25 to fix regression in the "force group" parameter). | Samba 3.0.23d - 3.0.25pre2 | CVE-2007-2444 | Announcement |
05 Feb 2007 | patch for Samba 3.0.23d | Potential Denial of Service bug in smbd | Samba 3.0.6 - 3.0.23d | CVE-2007-0452 | Announcement |
05 Feb 2007 | patch for Samba 3.0.23d | Buffer overrun in NSS host lookup Winbind library on Solaris | Samba 3.0.21 - 3.0.23d | CVE-2007-0453 | Announcement |
05 Feb 2007 | patch for Samba 3.0.23d | Format string bug in afsacl.so VFS plugin | Samba 3.0.6 - 3.0.23d | CVE-2007-0454 | Announcement |
10 Jul 2006 | patch for Samba 3.0.1 - 3.0.22 | Memory exhaustion DoS against smbd | Samba 3.0.1 - 3.0.22 | CVE-2006-3403 | Announcement |
30 Mar 2006 | patch for Samba 3.0.21[a-c] | Exposure of machine account credentials in winbind log files | Samba 3.0.21 - 3.0.21c | CVE-2006-1059 | Announcement |
16 Dec 2004 | patch for Samba 3.0.9 | Integer Overflow in security descriptor parsing | Samba 2.x, 3.0.x <= 3.0.9 | CVE-2004-1154 | Announcement |
15 Nov 2004 | patch for <=Samba 3.0.7 | Buffer Overrun in smbd | Samba 3.0.x <= 3.0.7 | CVE-2004-0882 | Announcement |
08 Nov 2004 | patch for <=Samba 3.0.7 | Remote DoS | Samba 3.0.x <= 3.0.7 | CVE-2004-0930 | Announcement |
30 Sep 2004 | Samba 2.2.12 and/or patch for <=Samba 3.0.2a | Potential arbitrary file access | Samba 2.2.x <=2.2.11 and Samba 3.0.x <=3.0.2a | CVE-2004-0815 | Announcement |
13 Sep 2004 | 3.0.5 patch | Two DoS bugs; one affecting smbd, the other nmbd. | 3.0.x <= 3.0.6 | CVE-2004-0807, CVE-2004-0808 | Announcement |
22 Jul 2004 | 3.0.5 | Two potential buffer overruns | >=3.0.2 | CVE-2004-0600, CVE-2004-0686 | CVE-2004-0600 Announcement CVE-2004-0686 Announcement |
22 Jul 2004 | 2.2.10 | Buffer overrun in hash mangling method | all 2.2 releases | CVE-2004-0686 | release notes |
09 Feb 2004 | 3.0.2a | Password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script. | >=3.0.0 | CVE-2004-0082 | Announcement |
07 Apr 2003 | 2.2.8a | Buffer overrun condition in the SMB/CIFS packet fragment re-assembly code. | all 2.0 releases and <= 2.2.8 | CVE-2003-0196, CVE-2003-0201 | release notes |
10 Dec 2002 | 2.2.7a | Bug in the length checking for encrypted password change requests from clients. | 2.2.2 - 2.2.6 | CVE-2003-0085 | release notes |
23 Jun 2001 | 2.2.0a | Bug in expansion of certain smb.conf variables such as %m that could grant an attacker the capability to overwrite arbitrary files on the server. Bug that causes smbd not to honor the hosts allow and deny smb.conf directives. | 2.2.0 |   | release notes |
23 Jun 2001 | 2.0.10 | Bug in the handling of temporary files that allows local users to destroy data on local devices. | >= 2.0.0 |   | release notes |
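The "Affected Releases" column uses Samba's own version scheme, in which `3.0.25pre2`, `3.0.25rc3`, `3.0.25` and `3.0.25a` are four successive releases; a plain string or numeric comparison orders them wrongly and will misjudge whether an installed build falls inside a range such as `3.0.23d - 3.0.25pre2`. The following is an added example, not code from the Samba project or this page: it parses that version scheme into a sortable key and checks a version against a constructed subset of the ranges in the table above. It assumes the installed version is read from `smbd -V`, whose output has the form `Version X.Y.Z`; the `AFFECTED` list is a hand-copied subset of the table, and rows whose range is given only as "all current releases" are omitted because they cannot be expressed as a closed interval.

```python
import re

# Samba version strings, as they appear in this table, carry stage suffixes:
#   3.0.25pre2 < 3.0.25rc3 < 3.0.25 < 3.0.25a < 3.0.25b < 3.0.26
# A plain string or float comparison gets that ordering wrong, so parse first.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(pre|rc)(\d+)|([a-z]))?$")


def normalize(reported):
    """Reduce the output of `smbd -V` ("Version 3.6.2") to the bare version.

    Anything after a "-" (e.g. a distribution build tag) is dropped; see the
    caveat in affected_cves() about why such tags matter.
    """
    s = reported.strip()
    if s.lower().startswith("version "):
        s = s[len("version "):]
    return s.split("-", 1)[0]


def version_key(version):
    """Return a tuple that sorts Samba versions in release order."""
    m = VERSION_RE.match(normalize(version).lower())
    if not m:
        raise ValueError(f"not a Samba version string: {version!r}")
    major, minor, patch, tag, tagnum, letter = m.groups()
    if tag == "pre":
        stage = (0, int(tagnum))       # pre-releases sort first
    elif tag == "rc":
        stage = (1, int(tagnum))       # then release candidates
    elif letter:
        stage = (3, ord(letter) - 96)  # 'a' -> 1: point fixes sort after the release
    else:
        stage = (2, 0)                 # the release itself
    return (int(major), int(minor), int(patch)) + stage


# Constructed subset of the table above: (CVE, first affected, last affected).
# Rows whose "Affected Releases" says only "all current releases" cannot be
# expressed as a closed range and are deliberately left out.
AFFECTED = [
    ("CVE-2013-0172", "4.0.0", "4.0.0"),
    ("CVE-2012-0817", "3.6.0", "3.6.2"),
    ("CVE-2007-6015", "3.0.0", "3.0.27a"),
    ("CVE-2007-5398", "3.0.0", "3.0.26a"),
    ("CVE-2007-2447", "3.0.0", "3.0.25rc3"),
    ("CVE-2007-2444", "3.0.23d", "3.0.25pre2"),
    ("CVE-2006-1059", "3.0.21", "3.0.21c"),
]


def affected_cves(version, table=AFFECTED):
    """CVEs whose affected range (inclusive) contains `version`.

    Caveat: this is an upstream-version check only. Distribution packages
    routinely backport a fix without changing the version number, so a hit
    here means "verify the package changelog", not "vulnerable".
    """
    key = version_key(version)
    return [cve for cve, first, last in table
            if version_key(first) <= key <= version_key(last)]


if __name__ == "__main__":
    for v in ("Version 3.0.25rc3", "3.0.25a", "3.0.27a", "3.6.2", "4.0.0", "4.0.1"):
        print(f"{v:>18}: {affected_cves(v) or 'no listed CVE in range'}")
```

Feed it the output of `smbd -V` on the host being checked. A match against a range is a prompt to read the package changelog or the linked announcement, because vendor builds that carry a backported fix keep the old upstream version number and would be reported here as affected.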
If you suspect you have discovered a serious security hole in a Samba release, please send an email to security@samba.org.