Vulnerability CVE-2018-1050


Published: 2018-03-13

Description:
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

Type:

CWE-20

(Improper Input Validation)

Vendor: Debian
Product: Debian linux 
Version: 8.0; 7.0;
Vendor: Samba
Product: Samba 
Version:
4.4.4
4.4.3
4.4.2
4.4.15
4.4.14
4.4.1
4.4.0
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.11
4.3.10
4.3.1
4.3.0
4.2.9
4.2.8
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.14
4.2.13
4.2.12
4.2.11
4.2.10
4.2.1
4.2.0
4.1.9
4.1.8
4.1.7
4.1.6
4.1.5
4.1.4
4.1.3
4.1.23
4.1.22
4.1.21
4.1.20
4.1.2
4.1.19
4.1.18
4.1.17
4.1.16
4.1.15
4.1.14
4.1.13
4.1.12
4.1.11
4.1.10
4.1.1
4.1.0
4.0.9
4.0.8
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.26
4.0.25
4.0.24
4.0.23
4.0.22
4.0.21
4.0.20
4.0.2
4.0.19
4.0.18
4.0.17
4.0.16
4.0.15
4.0.14
4.0.13
4.0.12
4.0.11
4.0.10
4.0.1
4.0.0
3.6.9
3.6.8
3.6.7
3.6.6
3.6.5
3.6.4
3.6.3
3.6.25
3.6.24
3.6.23
3.6.22
3.6.21
3.6.20
See more versions on NVD

CVSS2 => (AV:A/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.9/10
2.9/10
5.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.securityfocus.com/bid/103387
http://www.securitytracker.com/id/1040493
https://access.redhat.com/errata/RHSA-2018:1860
https://access.redhat.com/errata/RHSA-2018:1883
https://bugzilla.redhat.com/show_bug.cgi?id=1538771
https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html
https://security.netapp.com/advisory/ntap-20180313-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us
https://usn.ubuntu.com/3595-1/
https://usn.ubuntu.com/3595-2/
https://www.debian.org/security/2018/dsa-4135
https://www.samba.org/samba/security/CVE-2018-1050.html

Related CVE
CVE-2018-11574
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes ...
CVE-2018-1057
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privi...
CVE-2017-2619
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
CVE-2018-5764
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
CVE-2017-17433
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote atta...
CVE-2017-17434
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechan...
CVE-2017-15275
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
CVE-2017-14746
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

Copyright 2018, cxsecurity.com

 

Back to Top