samba -- Multiple vulnerabilities
The Samba Team reports:
The KDC and the kpasswd service share a single account
and set of keys, allowing them to decrypt each other's
tickets. A user who has been requested to change their
password can exploit this to obtain and use tickets to
The KDC accepts kpasswd requests encrypted with any key
known to it. By encrypting forged kpasswd requests with
its own key, a user can change the passwords of other
users, enabling full domain takeover.
Samba AD users can cause the server to access
uninitialised data with an LDAP add or modify request,
usually resulting in a segmentation fault.
The AD DC database audit logging module can be made to
access LDAP message values that have been freed by a
preceding database module, resulting in a
use-after-free. This is only possible when modifying
certain privileged attributes, such as
SMB1 Client with write access to a share can cause
server memory contents to be written into a file or
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright