Details of issue NIXPKGS-2025-0013

affected

created 14 Dec 2025

NIXPKGS-2025-0013

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process.

Vulnerabilities

CVE-2025-10230

Related packages

pkgs.samba

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable ???
- nixos-unstable-small 4.22.3
- nixpkgs-unstable 4.22.3

pkgs.samba4

Standard Windows interoperability suite of programs for Linux and Unix

nixos-25.05 4.20.8
- nixpkgs-25.05-darwin 4.20.8
- nixos-25.05-small 4.20.8
nixos-unstable 4.22.3
- nixos-unstable-small 4.22.3
- nixpkgs-unstable 4.22.3

pkgs.sambamba

SAM/BAM processing tool

nixos-25.05 1.0.1
- nixpkgs-25.05-darwin 1.0.1
- nixos-25.05-small 1.0.1
nixos-unstable 1.0.1
- nixos-unstable-small 1.0.1
- nixpkgs-unstable 1.0.1

pkgs.sambaFull

Standard Windows interoperability suite of programs for Linux and Unix

nixos-25.05 4.20.8
- nixpkgs-25.05-darwin 4.20.8
- nixos-25.05-small 4.20.8
nixos-unstable 4.22.3
- nixos-unstable-small 4.22.3
- nixpkgs-unstable 4.22.3

pkgs.samba4Full

Standard Windows interoperability suite of programs for Linux and Unix

nixos-25.05 4.20.8
- nixpkgs-25.05-darwin 4.20.8
- nixos-25.05-small 4.20.8
nixos-unstable 4.22.3
- nixos-unstable-small 4.22.3
- nixpkgs-unstable 4.22.3

Fixed in: https://github.com/NixOS/nixpkgs/pull/433796 https://github.com/NixOS/nixpkgs/pull/452396