1 <!--#include virtual="/samba/header.html" -->
2 <title>Samba - Security Updates and Information</title>
3 <!--#include virtual="header_history.html" -->
5 <h2>Samba Security Releases</h2>
7 <p>Security releases for Samba are listed below by their release
8 date. The previously affected versions of Samba are listed alongside
9 the appropriate security concern. For complete information, follow the
10 link to full release notes for each release.</p>
14 <th colspan="6">Samba Security Releases</th>
16 <td><em>Date Issued</em></td>
17 <td><em>Download</em></td>
18 <td><em>Known Issue(s)</em></td>
19 <td><em>Affected Releases</em></td>
20 <td><em>CVE ID #</em></td>
21 <td><em>Details</em></td>
26 <td><a href="/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch">
27 patch for Samba 3.3.12 and 3.2.15</a>
28 <a href="/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch">
29 patch for Samba 3.0.37</a>
30 <td>Memory Corruption Vulnerability</td>
31 <td>3.0.x, 3.2.x, 3.3.0-3.3.12</td>
32 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-CVE-2010-2063">CVE-2010-2063</a></td>
33 <td><a href="/samba/security/CVE-2010-2063.html">Announcement</a></td>
38 <td><a href="/samba/ftp/patches/security/samba-3.5.0-CVE-2010-0728.patch">
39 patch for Samba 3.5.0</a>
40 <a href="/samba/ftp/patches/security/samba-3.4.6-CVE-2010-0728.patch">
41 patch for Samba 3.4.6</a>
42 <a href="/samba/ftp/patches/security/samba-3.3.11-CVE-2010-0728.patch">
43 patch for Samba 3.3.11</a>
44 <td>Permission ignored</td>
45 <td>3.3.11, 3.4.6, 3.5.0</td>
46 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0728">CVE-2010-0728</a></td>
47 <td><a href="/samba/security/CVE-2010-0728.html">Announcement</a></td>
52 <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2948-1.patch">
53 patch 1 for Samba 3.4.1</a>
54 <a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2948-2.patch">
55 patch 2 for Samba 3.4.1</a>
56 <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2948-1.patch">
57 patch 1 for Samba 3.3.7</a>
58 <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2948-2.patch">
59 patch 2 for Samba 3.3.7</a>
60 <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2948-1.patch">
61 patch 1 for Samba 3.2.14</a>
62 <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2948-2.patch">
63 patch 2 for Samba 3.2.14</a>
64 <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2948-1.patch">
65 patch 1 for Samba 3.0.36</a>
66 <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2948-2.patch">
67 patch 2 for Samba 3.0.36</a>
68 <td>Information disclosure by setuid mount.cifs</td>
70 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2948</a></td>
71 <td><a href="/samba/security/CVE-2009-2948.html">Announcement</a></td>
76 <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2906.patch">
77 patch for Samba 3.4.1</a>
78 <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2906.patch">
79 patch for Samba 3.3.7</a>
80 <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2906.patch">
81 patch for Samba 3.2.14</a>
82 <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2906.patch">
83 patch for Samba 3.0.36</a>
84 <td>Remote DoS against smbd on authenticated connections</td>
86 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2906</a></td>
87 <td><a href="/samba/security/CVE-2009-2906.html">Announcement</a></td>
93 <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2813.patch">
94 patch for Samba 3.4.1</a>
95 <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2813.patch">
96 patch for Samba 3.3.7</a>
97 <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2813.patch">
98 patch for Samba 3.2.14</a>
99 <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2813.patch">
100 patch for Samba 3.0.36</a>
101 <td>Misconfigured /etc/passwd file may share folders unexpectedly</td>
103 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813">CVE-2009-2813</a></td>
104 <td><a href="/samba/security/CVE-2009-2813.html">Announcement</a></td>
110 <td><a href="/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch">
111 patch for Samba 3.3.5</a>
112 <a href="/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch">
113 patch for Samba 3.2.12</a>
114 <a href="/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch">
115 patch for Samba 3.0.34</a>
116 <td>Uninitialized read of a data value</td>
117 <td>Samba 3.0.31 - 3.3.5</td>
118 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888">CVE-2009-1888</a></td>
119 <td><a href="/samba/security/CVE-2009-1888.html">Announcement</a></td>
125 <td><a href="/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch">
126 patch for Samba 3.2.12</a>
127 <td>Formatstring vulnerability in smbclient</td>
128 <td>Samba 3.2.0 - 3.2.12</td>
129 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886">CVE-2009-1886</a></td>
130 <td><a href="/samba/security/CVE-2009-1886.html">Announcement</a></td>
136 <td><a href="/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch">
137 patch for Samba 3.2.6</a>
138 <td>Potential access to "/" in setups with registry shares enabled</td>
139 <td>Samba 3.2.0 - 3.2.6</td>
140 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022">CVE-2009-0022</a></td>
141 <td><a href="/samba/security/CVE-2009-0022.html">Announcement</a></td>
145 <td><a href="/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch">
146 patch for Samba 3.0.32</a>
147 <a href="/samba/ftp/patches/security/samba-3.2.4-CVE-2008-4314.patch">
148 patch for Samba 3.2.4</a></td>
149 <td>Potential leak of arbitrary memory contents</td>
150 <td>Samba 3.0.29 - 3.2.4</td>
151 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314">CVE-2008-4314</a></td>
152 <td><a href="/samba/security/CVE-2008-4314.html">Announcement</a></td>
157 <td><a href="/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-1.patch">
158 patch 1 for Samba 3.2.2</a>
159 <a href="/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-2.patch">
160 patch 2 for Samba 3.2.2</a></td>
161 <td>Wrong permissions of group_mapping.ldb</td>
162 <td>Samba 3.2.0 - 3.2.2</td>
163 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3789">CVE-2008-3789</a></td>
164 <td><a href="/samba/security/CVE-2008-3789.html">Announcement</a></td>
169 <td><a href="/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch">patch for Samba 3.0.29</a></td>
170 <td>Boundary failure when parsing SMB responses</td>
171 <td>Samba 3.0.0 - 3.0.29</td>
172 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105">CVE-2008-1105</a></td>
173 <td><a href="/samba/security/CVE-2008-1105.html">Announcement</a></td>
178 <td><a href="/samba/ftp/patches/security/samba-3.0.27a-CVE-2007-6015.patch">patch for Samba 3.0.27a</a></td>
179 <td>Remote Code Execution in Samba's nmbd (send_mailslot())</td>
180 <td>Samba 3.0.0 - 3.0.27a</td>
181 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015">CVE-2007-6015</a></td>
182 <td><a href="/samba/security/CVE-2007-6015.html">Announcement</a></td>
187 <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-5398.patch">patch for Samba 3.0.26a</a></td>
188 <td>Remote Code Execution in Samba's nmbd</td>
189 <td>Samba 3.0.0 - 3.0.26a</td>
190 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398">CVE-2007-5398</a></td>
191 <td><a href="/samba/security/CVE-2007-5398.html">Announcement</a></td>
196 <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-4572.patch">patch for Samba 3.0.26a</a></td>
197 <td>GETDC mailslot processing buffer overrun in nmbd</td>
198 <td>Samba 3.0.0 - 3.0.26a</td>
199 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572">CVE-2007-4572</a></td>
200 <td><a href="/samba/security/CVE-2007-4572.html">Announcement</a></td>
205 <td><a href="/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch">patch for Samba 3.0.25</a></td>
206 <td>Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin.</td>
207 <td>Samba 3.0.25 - 3.0.25c</td>
208 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138">CVE-2007-4138</a></td>
209 <td><a href="/samba/security/CVE-2007-4138.html">Announcement</a></td>
214 <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2447_v2.patch">patch for Samba 3.0.24</a></td>
215 <td>Remote Command Injection Vulnerability (Updated June 5 to include missing "c" character from INCLUDE list).</td>
216 <td>Samba 3.0.0 - 3.0.25rc3</td>
217 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447">CVE-2007-2447</a></td>
218 <td><a href="/samba/security/CVE-2007-2447.html">Announcement</a></td>
223 <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2446_v2.patch">patch for Samba 3.0.24</a></td>
224 <td>Multiple Heap Overflows Allow Remote Code Execution (Updated May 25 to fix regression in Samba domain controller logon code).</td>
225 <td>Samba 3.0.0 - 3.0.25rc3</td>
226 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446">CVE-2007-2446</a></td>
227 <td><a href="/samba/security/CVE-2007-2446.html">Announcement</a></td>
232 <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2444_v2.patch">patch for Samba 3.0.24</a></td>
233 <td>Local SID/Name translation bug can result in user privilege elevation (Updated May 25 to fix regression in the "force group" parameter).</td>
234 <td>Samba 3.0.23d - 3.0.25pre2</td>
235 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444">CVE-2007-2444</a></td>
236 <td><a href="/samba/security/CVE-2007-2444.html">Announcement</a></td>
241 <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0452.patch">patch for Samba 3.0.23d</a></td>
242 <td>Potential Denial of Service bug in smbd</td>
243 <td>Samba 3.0.6 - 3.0.23d</td>
244 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452">CVE-2007-0452</a></td>
245 <td><a href="/samba/security/CVE-2007-0452.html">Announcement</a></td>
250 <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0453.patch">patch for Samba 3.0.23d</a></td>
251 <td>Buffer overrun in NSS host lookup Winbind library on Solaris</td>
252 <td>Samba 3.0.21 - 3.0.23d</td>
253 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453">CVE-2007-0453</a></td>
254 <td><a href="/samba/security/CVE-2007-0453.html">Announcement</a></td>
259 <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0454.patch">patch for Samba 3.0.23d</a></td>
260 <td>Format string bug in afsacl.so VFS plugin</td>
261 <td>Samba 3.0.6 - 3.0.23d</td>
262 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454">CVE-2007-0454</a></td>
263 <td><a href="/samba/security/CVE-2007-0454.html">Announcement</a></td>
267 <td>10 July 2006</td>
268 <td><a href="/samba/ftp/patches/security/samba-3.0-CVE-2006-3403.patch">patch for Samba 3.0.1 - 3.0.22</a></td>
269 <td>Memory exhaustion DoS against smbd</td>
270 <td>Samba 3.0.1 - 3.0.22</td>
271 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403">CVE-2006-3403</a></td>
272 <td><a href="/samba/security/CVE-2006-3403.html">Announcement</a></td>
277 <td>30 March 2006</td>
278 <td><a href="/samba/ftp/patches/security/samba-3.0.21-CVE-2006-1059.patch">patch for Samba 3.0.21[a-c]</a></td>
279 <td>Exposure of machine account credentials in winbind log files</td>
280 <td>Samba 3.0.21 - 3.0.21c</td>
281 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059">CVE-2006-1059</a></td>
282 <td><a href="/samba/security/CVE-2006-1059.html">Announcement</a></td>
286 <td>16 December 2004</td>
287 <td><a href="/samba/ftp/patches/security/samba-3.0.9-CVE-2004-1154.patch">patch for Samba 3.0.9</a></td>
288 <td>Integer Overflow in security descriptor parsing</td>
289 <td>Samba 2.x, 3.0.x <= 3.0.9</td>
290 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1154">CVE-2004-1154</a></td>
291 <td><a href="/samba/security/CVE-2004-1154.html">Announcement</a></td>
296 <td>15 November 2004</td>
297 <td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0882.patch">patch for <=Samba 3.0.7</a></td>
298 <td>Buffer Overrun in smbd</td>
299 <td>Samba 3.0.x <= 3.0.7</td>
300 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882">CVE-2004-0882</a></td>
301 <td><a href="/samba/security/CVE-2004-0882.html">Announcement</a></td>
305 <td>8 November 2004</td>
306 <td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0930.patch">patch for <=Samba 3.0.7</a></td>
308 <td>Samba 3.0.x <= 3.0.7</td>
309 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0930">CVE-2004-0930</a></td>
310 <td><a href="/samba/security/CVE-2004-0930.html">Announcement</a></td>
314 <td>30 September 2004</td>
315 <td><a href="/samba/ftp/stable/samba-2.2.12.tar.gz">Samba 2.2.12</a> and/or <a href="/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patch">patch for <=Samba 3.0.2a</a></td>
316 <td>Potential arbitrary file access</td>
317 <td>Samba 2.2.x <=2.2.11 and Samba 3.0.x <=3.0.2a</td>
318 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815">CVE-2004-0815</a></td>
319 <td><a href="/samba/security/CVE-2004-0815.html">Announcement</a></td>
324 <td>13 Sept 2004</td>
325 <td><a href="/samba/ftp/patches/security/samba-3.0.5-DoS.patch">3.0.5 patch</a></td>
326 <td>Two DoS bugs; one affecting smbd, the other nmbd.</td>
327 <td>3.0.x <= 3.0.6</td>
328 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0807">CVE-2004-0807</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0808">CVE-2004-0808</a></td>
329 <td><a href="/samba/security/CVE-2004-0807_CVE-2004-0808.html">Announcement</a></td>
334 <td><a href="/samba/ftp/stable/samba-3.0.5.tar.gz">3.0.5</a></td>
335 <td>Two potential buffer overruns</td>
337 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600">CVE-2004-0600</a>,
338 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
340 <td><a href="/samba/security/CVE-2004-0600.html">CVE-2004-0600 Announcement</a>
341 <a href="/samba/security/CVE-2004-0686.html">CVE-2004-0686 Announcement</a></td>
346 <td><a href="/samba/ftp/stable/samba-2.2.10.tar.gz">2.2.10</a></td>
347 <td>Buffer overrun in hash mangling method</td>
348 <td>all 2.2 releases</td>
349 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
351 <td><a href="/samba/history/samba-2.2.10.html">release notes</a></td>
356 <td><a href="/samba/ftp/old-versions/samba-3.0.2a.tar.gz">3.0.2a</a></td>
357 <td align="left">Password initialization bug that could grant
358 an attacker unauthorized
359 access to a user account created by the mksmbpasswd.sh shell script.</td>
362 href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0082">CVE-2004-0082</a></td>
363 <td><a href="/samba/security/CVE-2004-0082.html">Announcement</a></td>
368 <td><a href="/samba/ftp/old-versions/samba-2.2.8a.tar.gz">2.2.8a</a></td>
369 <td>Buffer overrun condition in the SMB/CIFS packet fragment
370 re-assembly code.</td>
371 <td>all 2.0 releases and <= 2.2.8</td>
372 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0196">CVE-2003-0196</a>,
373 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0201">CVE-2003-0201</a></td>
374 <td><a href="/samba/history/samba-2.2.8a.html">release notes</a></td>
379 <td><a href="/samba/ftp/old-versions/samba-2.2.7a.tar.gz">2.2.7a</a></td>
380 <td>Bug in the length checking for encrypted password change
381 requests from clients.</td>
382 <td>2.2.2 - 2.2.6</td>
383 <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0085">CVE-2003-0085</a></td>
384 <td><a href="/samba/history/samba-2.2.7a.html">release notes</a></td>
389 <td><a href="/samba/ftp/old-versions/samba-2.2.0a.tar.gz">2.2.0a</a></td>
390 <td>Bug in expansion of certain smb.conf variables such as
391 %m that could grant an attacker the capability to overwrite arbitrary
392 files on the server. Bug that causes smbd not to honor the hosts allow
393 and deny smb.conf directives.</td>
396 <td><a href="/samba/history/samba-2.2.0a.html">release notes</a></td>
401 <td><a href="/samba/ftp/old-versions/samba-2.0.10.tar.gz">2.0.10</a></td>
402 <td>Bug in the handling of temporary files that allows local
403 users to destroy data on local devices.</td>
406 <td><a href="/samba/history/samba-2.0.10.html">release notes</a></td>
411 <p><em>If you suspect you have discovered a serious security hole in a
412 Samba release, please send an email to <a
413 href="mailto:security@samba.org">security@samba.org</a>.</em></p>
415 <!--#include virtual="footer_history.html" -->