Samba Security Releases

Security releases for Samba are listed below by their release date. The previously affected versions of Samba are listed alongside the appropriate security concern. For complete information, follow the link to full release notes for each release.

| Date Issued | Download | Known Issue(s) | Affected Releases | CVE ID # | Details |
|---|---|---|---|---|---|
| 02 Apr 2013 | patch for Samba 3.6.5 | A writable configured share might get read only | 3.6.0 - 3.6.5 (inclusive) | CVE-2013-0454 | Announcement |
| 19 Mar 2013 | patch for Samba 4.0.3 | World-writeable files may be created in additional shares on a Samba 4.0 AD DC. | 4.0.0rc6-4.0.3 | CVE-2013-1863 | Announcement |
| 30 Jan 2013 | patch for Samba 4.0.1, patch for Samba 3.6.11, patch for Samba 3.5.20 | Clickjacking issue and potential XSRF in SWAT. | 3.0.x-4.0.1 | CVE-2013-0213, CVE-2013-0214 | Announcement, Announcement |
| 15 Jan 2013 | patch for Samba 4.0.0 | Samba 4.0 as an AD DC may provide authenticated users with write access to LDAP directory objects. | 4.0.0 | CVE-2013-0172 | Announcement |
| 30 Apr 2012 | patch for Samba 3.4.16, patch for Samba 3.5.14, patch for Samba 3.6.4 | Incorrect permission checks when granting/removing privileges can compromise file server security. | 3.4.x-3.6.4 | CVE-2012-2111 | Announcement |
| 10 Apr 2012 | patch for Samba 3.0.37, patch for Samba 3.2.15, patch for Samba 3.3.16, patch for Samba 3.4.15, patch for Samba 3.5.13, patch for Samba 3.6.3 | "root" credential remote code execution | all current releases | CVE-2012-1182 | Announcement |
| 23 Feb 2012 | patch for Samba 3.0, patch for Samba 3.2, patch for Samba 3.3 | Remote code execution vulnerability in smbd | pre-3.4 | CVE-2012-0870 | Announcement |
| 29 Jan 2012 | patch for Samba 3.6.2 | Memory leak/Denial of service | 3.6.0-3.6.2 | CVE-2012-0817 | Announcement |
| 26 Jul 2011 | patch for Samba 3.3.15, patch for Samba 3.4.13, patch for Samba 3.5.9 | Cross-Site Request Forgery in SWAT | all current releases | CVE-2011-2522 | Announcement |
| 26 Jul 2011 | patch for Samba 3.3.15, patch for Samba 3.4.13, patch for Samba 3.5.9 | Cross-Site Scripting vulnerability in SWAT | all current releases | CVE-2011-2694 | Announcement |
| 18 Feb 2011 | patch for Samba 3.3.14, patch for Samba 3.4.11, patch for Samba 3.5.6 | Denial of service - memory corruption | all current releases | CVE-2011-0719 | Announcement |
| 14 Sep 2010 | patch for Samba 3.3.13, patch for Samba 3.4.8, patch for Samba 3.5.4 | Buffer Overrun Vulnerability | all current releases | CVE-2010-3069 | Announcement |
| 16 Jun 2010 | patch for Samba 3.3.12 and 3.2.15, patch for Samba 3.0.37 | Memory Corruption Vulnerability | 3.0.x, 3.2.x, 3.3.0-3.3.12 | CVE-2010-2063 | Announcement |
| 08 Mar 2010 | patch for Samba 3.5.0, patch for Samba 3.4.6, patch for Samba 3.3.11 | Permission ignored | 3.3.11, 3.4.6, 3.5.0 | CVE-2010-0728 | Announcement |
| 02 Feb 2010 | not available | Change parameter "wide links" to default to "no" | pre-3.4.6 | CVE-2010-0926 | Announcement |
| 01 Oct 2009 | patch 1 for Samba 3.4.1, patch 2 for Samba 3.4.1, patch 1 for Samba 3.3.7, patch 2 for Samba 3.3.7, patch 1 for Samba 3.2.14, patch 2 for Samba 3.2.14, patch 1 for Samba 3.0.36, patch 2 for Samba 3.0.36 | Information disclosure by setuid mount.cifs | all releases | CVE-2009-2948 | Announcement |
| 01 Oct 2009 | patch for Samba 3.4.1, patch for Samba 3.3.7, patch for Samba 3.2.14, patch for Samba 3.0.36 | Remote DoS against smbd on authenticated connections | all releases | CVE-2009-2906 | Announcement |
| 01 Oct 2009 | patch for Samba 3.4.1, patch for Samba 3.3.7, patch for Samba 3.2.14, patch for Samba 3.0.36 | Misconfigured /etc/passwd file may share folders unexpectedly | > 3.0.11 | CVE-2009-2813 | Announcement |
| 23 Jun 2009 | patch for Samba 3.3.5, patch for Samba 3.2.12, patch for Samba 3.0.34 | Uninitialized read of a data value | Samba 3.0.31 - 3.3.5 | CVE-2009-1888 | Announcement |
| 23 Jun 2009 | patch for Samba 3.2.12 | Formatstring vulnerability in smbclient | Samba 3.2.0 - 3.2.12 | CVE-2009-1886 | Announcement |
| 05 Jan 2009 | patch for Samba 3.2.6 | Potential access to "/" in setups with registry shares enabled | Samba 3.2.0 - 3.2.6 | CVE-2009-0022 | Announcement |
| 27 Nov 2008 | patch for Samba 3.0.32, patch for Samba 3.2.4 | Potential leak of arbitrary memory contents | Samba 3.0.29 - 3.2.4 | CVE-2008-4314 | Announcement |
| 27 Aug 2008 | patch 1 for Samba 3.2.2, patch 2 for Samba 3.2.2 | Wrong permissions of group_mapping.ldb | Samba 3.2.0 - 3.2.2 | CVE-2008-3789 | Announcement |
| 29 May 2008 | patch for Samba 3.0.29 | Boundary failure when parsing SMB responses | Samba 3.0.0 - 3.0.29 | CVE-2008-1105 | Announcement |
| 10 Dec 2007 | patch for Samba 3.0.27a | Remote Code Execution in Samba's nmbd (send_mailslot()) | Samba 3.0.0 - 3.0.27a | CVE-2007-6015 | Announcement |
| 15 Nov 2007 | patch for Samba 3.0.26a | Remote Code Execution in Samba's nmbd | Samba 3.0.0 - 3.0.26a | CVE-2007-5398 | Announcement |
| 15 Nov 2007 | patch for Samba 3.0.26a | GETDC mailslot processing buffer overrun in nmbd | Samba 3.0.0 - 3.0.26a | CVE-2007-4572 | Announcement |
| 11 Sep 2007 | patch for Samba 3.0.25 | Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin. | Samba 3.0.25 - 3.0.25c | CVE-2007-4138 | Announcement |
| 14 May 2007 | patch for Samba 3.0.24 | Remote Command Injection Vulnerability (Updated June 5 to include missing "c" character from INCLUDE list). | Samba 3.0.0 - 3.0.25rc3 | CVE-2007-2447 | Announcement |
| 14 May 2007 | patch for Samba 3.0.24 | Multiple Heap Overflows Allow Remote Code Execution (Updated May 25 to fix regression in Samba domain controller logon code). | Samba 3.0.0 - 3.0.25rc3 | CVE-2007-2446 | Announcement |
| 14 May 2007 | patch for Samba 3.0.24 | Local SID/Name translation bug can result in user privilege elevation (Updated May 25 to fix regression in the "force group" parameter). | Samba 3.0.23d - 3.0.25pre2 | CVE-2007-2444 | Announcement |
| 5 Feb 2007 | patch for Samba 3.0.23d | Potential Denial of Service bug in smbd | Samba 3.0.6 - 3.0.23d | CVE-2007-0452 | Announcement |
| 5 Feb 2007 | patch for Samba 3.0.23d | Buffer overrun in NSS host lookup Winbind library on Solaris | Samba 3.0.21 - 3.0.23d | CVE-2007-0453 | Announcement |
| 5 Feb 2007 | patch for Samba 3.0.23d | Format string bug in afsacl.so VFS plugin | Samba 3.0.6 - 3.0.23d | CVE-2007-0454 | Announcement |
| 10 July 2006 | patch for Samba 3.0.1 - 3.0.22 | Memory exhaustion DoS against smbd | Samba 3.0.1 - 3.0.22 | CVE-2006-3403 | Announcement |
| 30 March 2006 | patch for Samba 3.0.21[a-c] | Exposure of machine account credentials in winbind log files | Samba 3.0.21 - 3.0.21c | CVE-2006-1059 | Announcement |
| 16 December 2004 | patch for Samba 3.0.9 | Integer Overflow in security descriptor parsing | Samba 2.x, 3.0.x <= 3.0.9 | CVE-2004-1154 | Announcement |
| 15 November 2004 | patch for <=Samba 3.0.7 | Buffer Overrun in smbd | Samba 3.0.x <= 3.0.7 | CVE-2004-0882 | Announcement |
| 8 November 2004 | patch for <=Samba 3.0.7 | Remote DoS | Samba 3.0.x <= 3.0.7 | CVE-2004-0930 | Announcement |
| 30 September 2004 | Samba 2.2.12 and/or patch for <=Samba 3.0.2a | Potential arbitrary file access | Samba 2.2.x <=2.2.11 and Samba 3.0.x <=3.0.2a | CVE-2004-0815 | Announcement |
| 13 Sept 2004 | 3.0.5 patch | Two DoS bugs; one affecting smbd, the other nmbd. | 3.0.x <= 3.0.6 | CVE-2004-0807, CVE-2004-0808 | Announcement |
| 22 Jul 2004 | 3.0.5 | Two potential buffer overruns | >=3.0.2 | CVE-2004-0600, CVE-2004-0686 | CVE-2004-0600 Announcement, CVE-2004-0686 Announcement |
| 22 Jul 2004 | 2.2.10 | Buffer overrun in hash mangling method | all 2.2 releases | CVE-2004-0686 | release notes |
| 9 Feb 2004 | 3.0.2a | Password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script. | >=3.0.0 | CVE-2004-0082 | Announcement |
| 7 Apr 2003 | 2.2.8a | Buffer overrun condition in the SMB/CIFS packet fragment re-assembly code. | all 2.0 releases and <= 2.2.8 | CVE-2003-0196, CVE-2003-0201 | release notes |
| 10 Dec 2002 | 2.2.7a | Bug in the length checking for encrypted password change requests from clients. | 2.2.2 - 2.2.6 | CVE-2003-0085 | release notes |
| 23 Jun 2001 | 2.2.0a | Bug in expansion of certain smb.conf variables such as %m that could grant an attacker the capability to overwrite arbitrary files on the server. Bug that causes smbd not to honor the hosts allow and deny smb.conf directives. | 2.2.0 | | release notes |
| 23 Jun 2001 | 2.0.10 | Bug in the handling of temporary files that allows local users to destroy data on local devices. | >= 2.0.0 | | release notes |

If you suspect you have discovered a serious security hole in a Samba release, please send an email to security@samba.org.