Author: kseeger Date: 2009-10-01 05:53:07 -0600 (Thu, 01 Oct 2009) New Revision: 1330
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1330 Log: Fix links Karolin Modified: trunk/history/security.html Changeset: Modified: trunk/history/security.html =================================================================== --- trunk/history/security.html 2009-10-01 09:41:21 UTC (rev 1329) +++ trunk/history/security.html 2009-10-01 11:53:07 UTC (rev 1330) @@ -41,7 +41,7 @@ patch 2 for Samba 3.0.36</a> <td>Information disclosure by setuid mount.cifs</td> <td>all releases</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2948</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2948</a></td> <td><a href="/samba/security/CVE-2009-2948.html">Announcement</a></td> </tr> @@ -57,7 +57,7 @@ patch for Samba 3.0.36</a> <td>Remote DoS against smbd on authenticated connections</td> <td>all releases</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2906</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2906</a></td> <td><a href="/samba/security/CVE-2009-2906.html">Announcement</a></td> </tr> <tr> @@ -74,7 +74,7 @@ patch for Samba 3.0.36</a> <td>Misconfigured /etc/passwd file may share folders unexpectedly</td> <td>> 3.0.11</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813">CVE-2009-2813</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813">CVE-2009-2813</a></td> <td><a href="/samba/security/CVE-2009-2813.html">Announcement</a></td> </tr> <tr> @@ -89,7 +89,7 @@ patch for Samba 3.0.34</a> <td>Uninitialized read of a data value</td> <td>Samba 3.0.31 - 3.3.5</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888">CVE-2009-1888</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888">CVE-2009-1888</a></td> <td><a href="/samba/security/CVE-2009-1888.html">Announcement</a></td> </tr> <tr> @@ -100,7 +100,7 @@ patch for Samba 3.2.12</a> <td>Formatstring vulnerability in smbclient</td> <td>Samba 3.2.0 - 3.2.12</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886">CVE-2009-1886</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886">CVE-2009-1886</a></td> <td><a href="/samba/security/CVE-2009-1886.html">Announcement</a></td> </tr> <tr> @@ -111,7 +111,7 @@ patch for Samba 3.2.6</a> <td>Potential access to "/" in setups with registry shares enabled</td> <td>Samba 3.2.0 - 3.2.6</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022">CVE-2009-0022</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022">CVE-2009-0022</a></td> <td><a href="/samba/security/CVE-2009-0022.html">Announcement</a></td> </tr> <tr> @@ -122,7 +122,7 @@ patch for Samba 3.2.4</a></td> <td>Potential leak of arbitrary memory contents</td> <td>Samba 3.0.29 - 3.2.4</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314">CVE-2008-4314</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314">CVE-2008-4314</a></td> <td><a href="/samba/security/CVE-2008-4314.html">Announcement</a></td> </tr> @@ -134,7 +134,7 @@ patch 2 for Samba 3.2.2</a></td> <td>Wrong permissions of group_mapping.ldb</td> <td>Samba 3.2.0 - 3.2.2</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3789">CVE-2008-3789</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3789">CVE-2008-3789</a></td> <td><a href="/samba/security/CVE-2008-3789.html">Announcement</a></td> </tr> @@ -143,7 +143,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch">patch for Samba 3.0.29</a></td> <td>Boundary failure when parsing SMB responses</td> <td>Samba 3.0.0 - 3.0.29</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105">CVE-2008-1105</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105">CVE-2008-1105</a></td> <td><a href="/samba/security/CVE-2008-1105.html">Announcement</a></td> </tr> @@ -152,7 +152,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.27a-CVE-2007-6015.patch">patch for Samba 3.0.27a</a></td> <td>Remote Code Execution in Samba's nmbd (send_mailslot())</td> <td>Samba 3.0.0 - 3.0.27a</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015">CVE-2007-6015</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015">CVE-2007-6015</a></td> <td><a href="/samba/security/CVE-2007-6015.html">Announcement</a></td> </tr> @@ -161,7 +161,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-5398.patch">patch for Samba 3.0.26a</a></td> <td>Remote Code Execution in Samba's nmbd</td> <td>Samba 3.0.0 - 3.0.26a</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398">CVE-2007-5398</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398">CVE-2007-5398</a></td> <td><a href="/samba/security/CVE-2007-5398.html">Announcement</a></td> </tr> @@ -170,7 +170,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-4572.patch">patch for Samba 3.0.26a</a></td> <td>GETDC mailslot processing buffer overrun in nmbd</td> <td>Samba 3.0.0 - 3.0.26a</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572">CVE-2007-4572</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572">CVE-2007-4572</a></td> <td><a href="/samba/security/CVE-2007-4572.html">Announcement</a></td> </tr> @@ -179,7 +179,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch">patch for Samba 3.0.25</a></td> <td>Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin.</td> <td>Samba 3.0.25 - 3.0.25c</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138">CVE-2007-4138</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138">CVE-2007-4138</a></td> <td><a href="/samba/security/CVE-2007-4138.html">Announcement</a></td> </tr> @@ -188,7 +188,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2447_v2.patch">patch for Samba 3.0.24</a></td> <td>Remote Command Injection Vulnerability (Updated June 5 to include missing "c" character from INCLUDE list).</td> <td>Samba 3.0.0 - 3.0.25rc3</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447">CVE-2007-2447</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447">CVE-2007-2447</a></td> <td><a href="/samba/security/CVE-2007-2447.html">Announcement</a></td> </tr> @@ -197,7 +197,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2446_v2.patch">patch for Samba 3.0.24</a></td> <td>Multiple Heap Overflows Allow Remote Code Execution (Updated May 25 to fix regression in Samba domain controller logon code).</td> <td>Samba 3.0.0 - 3.0.25rc3</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446">CVE-2007-2446</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446">CVE-2007-2446</a></td> <td><a href="/samba/security/CVE-2007-2446.html">Announcement</a></td> </tr> @@ -206,7 +206,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2444_v2.patch">patch for Samba 3.0.24</a></td> <td>Local SID/Name translation bug can result in user privilege elevation (Updated May 25 to fix regression in the "force group" parameter).</td> <td>Samba 3.0.23d - 3.0.25pre2</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444">CVE-2007-2444</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444">CVE-2007-2444</a></td> <td><a href="/samba/security/CVE-2007-2444.html">Announcement</a></td> </tr> @@ -215,7 +215,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0452.patch">patch for Samba 3.0.23d</a></td> <td>Potential Denial of Service bug in smbd</td> <td>Samba 3.0.6 - 3.0.23d</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452">CVE-2007-0452</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452">CVE-2007-0452</a></td> <td><a href="/samba/security/CVE-2007-0452.html">Announcement</a></td> </tr> @@ -224,7 +224,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0453.patch">patch for Samba 3.0.23d</a></td> <td>Buffer overrun in NSS host lookup Winbind library on Solaris</td> <td>Samba 3.0.21 - 3.0.23d</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453">CVE-2007-0453</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453">CVE-2007-0453</a></td> <td><a href="/samba/security/CVE-2007-0453.html">Announcement</a></td> </tr> @@ -233,7 +233,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0454.patch">patch for Samba 3.0.23d</a></td> <td>Format string bug in afsacl.so VFS plugin</td> <td>Samba 3.0.6 - 3.0.23d</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454">CVE-2007-0454</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454">CVE-2007-0454</a></td> <td><a href="/samba/security/CVE-2007-0454.html">Announcement</a></td> </tr> @@ -242,7 +242,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0-CVE-2006-3403.patch">patch for Samba 3.0.1 - 3.0.22</a></td> <td>Memory exhaustion DoS against smbd</td> <td>Samba 3.0.1 - 3.0.22</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403">CVE-2006-3403</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403">CVE-2006-3403</a></td> <td><a href="/samba/security/CVE-2006-3403.html">Announcement</a></td> </tr> @@ -252,7 +252,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.21-CVE-2006-1059.patch">patch for Samba 3.0.21[a-c]</a></td> <td>Exposure of machine account credentials in winbind log files</td> <td>Samba 3.0.21 - 3.0.21c</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059">CVE-2006-1059</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059">CVE-2006-1059</a></td> <td><a href="/samba/security/CVE-2006-1059.html">Announcement</a></td> </tr> @@ -261,7 +261,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.9-CVE-2004-1154.patch">patch for Samba 3.0.9</a></td> <td>Integer Overflow in security descriptor parsing</td> <td>Samba 2.x, 3.0.x <= 3.0.9</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1154">CVE-2004-1154</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1154">CVE-2004-1154</a></td> <td><a href="/samba/security/CVE-2004-1154.html">Announcement</a></td> </tr> @@ -271,7 +271,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0882.patch">patch for <=Samba 3.0.7</a></td> <td>Buffer Overrun in smbd</td> <td>Samba 3.0.x <= 3.0.7</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882">CVE-2004-0882</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882">CVE-2004-0882</a></td> <td><a href="/samba/security/CVE-2004-0882.html">Announcement</a></td> </tr> @@ -280,7 +280,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0930.patch">patch for <=Samba 3.0.7</a></td> <td>Remote DoS</td> <td>Samba 3.0.x <= 3.0.7</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0930">CVE-2004-0930</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0930">CVE-2004-0930</a></td> <td><a href="/samba/security/CVE-2004-0930.html">Announcement</a></td> </tr> @@ -289,7 +289,7 @@ <td><a href="/samba/ftp/stable/samba-2.2.12.tar.gz">Samba 2.2.12</a> and/or <a href="/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patch">patch for <=Samba 3.0.2a</a></td> <td>Potential arbitrary file access</td> <td>Samba 2.2.x <=2.2.11 and Samba 3.0.x <=3.0.2a</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815">CVE-2004-0815</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815">CVE-2004-0815</a></td> <td><a href="/samba/security/CVE-2004-0815.html">Announcement</a></td> </tr> @@ -299,7 +299,7 @@ <td><a href="/samba/ftp/patches/security/samba-3.0.5-DoS.patch">3.0.5 patch</a></td> <td>Two DoS bugs; one affecting smbd, the other nmbd.</td> <td>3.0.x <= 3.0.6</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0807">CVE-2004-0807</a>, <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0808">CVE-2004-0808</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0807">CVE-2004-0807</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0808">CVE-2004-0808</a></td> <td><a href="/samba/security/CVE-2004-0807_CVE-2004-0808.html">Announcement</a></td> </tr> @@ -308,8 +308,8 @@ <td><a href="/samba/ftp/stable/samba-3.0.5.tar.gz">3.0.5</a></td> <td>Two potential buffer overruns</td> <td>>=3.0.2</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600">CVE-2004-0600</a>, - <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600">CVE-2004-0600</a>, + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a> </td> <td><a href="/samba/security/CVE-2004-0600.html">CVE-2004-0600 Announcement</a> <a href="/samba/security/CVE-2004-0686.html">CVE-2004-0686 Announcement</a></td> @@ -320,7 +320,7 @@ <td><a href="/samba/ftp/stable/samba-2.2.10.tar.gz">2.2.10</a></td> <td>Buffer overrun in hash mangling method</td> <td>all 2.2 releases</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a> </td> <td><a href="/samba/history/samba-2.2.10.html">release notes</a></td> </tr> @@ -333,7 +333,7 @@ access to a user account created by the mksmbpasswd.sh shell script.</td> <td>>=3.0.0</td> <td><a - href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0082">CVE-2004-0082</a></td> + href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0082">CVE-2004-0082</a></td> <td><a href="/samba/security/CVE-2004-0082.html">Announcement</a></td> </tr> @@ -343,8 +343,8 @@ <td>Buffer overrun condition in the SMB/CIFS packet fragment re-assembly code.</td> <td>all 2.0 releases and <= 2.2.8</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0196">CVE-2003-0196</a>, - <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0201">CVE-2003-0201</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0196">CVE-2003-0196</a>, + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0201">CVE-2003-0201</a></td> <td><a href="/samba/history/samba-2.2.8a.html">release notes</a></td> </tr> @@ -354,7 +354,7 @@ <td>Bug in the length checking for encrypted password change requests from clients.</td> <td>2.2.2 - 2.2.6</td> - <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0085">CVE-2003-0085</a></td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0085">CVE-2003-0085</a></td> <td><a href="/samba/history/samba-2.2.7a.html">release notes</a></td> </tr>