Bug #9250

Bug #9248: samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)

[3.8] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)

Added by Alicha CH 5 months ago. Updated 5 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 08/16/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.

Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in libsmbclient that could allow a malicious server
to overwrite client heap memory by returning an extra long filename in a directory listing.

Fixed In Version:

samba 4.6.16, samba 4.7.9, samba 4.8.4

References:

https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html

CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server

All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the "samba" process when Samba is an
Active Directory Domain Controller.

Fixed In Version:

samba 4.7.9, samba 4.8.4

References:

https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/history/security.html

CVE-2018-10919: Confidential attribute disclosure via substring search

All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL
(0x80) searchFlags bit is set and where an explicit Access Control Entry has
been specified on the ntSecurityDescriptor.

Fixed In Version:

samba 4.6.16, samba 4.7.9, samba 4.8.4

References:

https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html

CVE-2018-1139: Weak authentication protocol regression

Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which
allows authentication using NTLMv1 over an SMB1 transport (either
directly or via NETLOGON SamLogon calls from a member server), even
when NTLMv1 is explicitly disabled on the server.

Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2.
This has been the default since Samba 4.5. A code restructuring in the
NTLM authentication implementation of Samba in 4.7.0 caused this
regression to occur.

Fixed In Version:

samba 4.7.9, samba 4.8.4

References:

https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/history/security.html

CVE-2018-1140: Denial of Service Attack on DNS and LDAP server

All versions of Samba from 4.8.0 onwards are vulnerable to a denial of
service attack when Samba is an Active Directory Domain Controller.

Fixed In Version:

samba 4.8.4

References:

https://bugzilla.redhat.com/show_bug.cgi?id=%20CVE-2018-1140
https://www.samba.org/samba/history/security.html
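
Added example, not part of the original ticket and not Samba or Alpine code: a check that maps an installed Samba version onto the five CVEs above, using only the affected ranges and "Fixed In Version" values listed in this ticket. The function names are hypothetical, and it assumes that branches newer than 4.8 already carry the fixes and that a branch with no listed fixed release stays affected.

```python
# Data transcribed from this ticket: first affected release and, per
# major.minor branch, the patch level of the first fixed release.
ADVISORIES = {
    "CVE-2018-10858": ((3, 2, 0), {(4, 6): 16, (4, 7): 9, (4, 8): 4}),
    "CVE-2018-10918": ((4, 7, 0), {(4, 7): 9, (4, 8): 4}),
    "CVE-2018-10919": ((4, 0, 0), {(4, 6): 16, (4, 7): 9, (4, 8): 4}),
    "CVE-2018-1139": ((4, 7, 0), {(4, 7): 9, (4, 8): 4}),
    "CVE-2018-1140": ((4, 8, 0), {(4, 8): 4}),
}
LAST_LISTED_BRANCH = (4, 8)  # newest branch the ticket mentions


def parse_version(text):
    """Turn '4.8.3' or an apk-style '4.8.3-r0' into (4, 8, 3)."""
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("expected MAJOR.MINOR.PATCH, got %r" % text)
    return tuple(int(p) for p in parts)


def open_cves(version_text):
    """Return the CVEs from this ticket that still apply to a version."""
    ver = parse_version(version_text)
    branch = ver[:2]
    if branch > LAST_LISTED_BRANCH:
        return []  # assumption: later branches include the fixes
    hits = []
    for cve, (first_affected, fixes) in ADVISORIES.items():
        if ver < first_affected:
            continue  # released before the flaw was introduced
        fixed_patch = fixes.get(branch)
        # No fixed release listed for this branch (assumed still
        # affected), or the patch level is below the fixed one.
        if fixed_patch is None or ver[2] < fixed_patch:
            hits.append(cve)
    return hits


if __name__ == "__main__":
    for sample in ("4.5.16", "4.6.16", "4.7.8", "4.8.3", "4.8.4-r0"):
        print(sample, open_cves(sample) or "no open CVEs from this ticket")
```

The "3.2.0 to 4.8.3 (inclusive)" range alone would flag 4.6.16 and 4.7.9, which is why the check compares against the fixed release of the version's own branch. A distribution may also backport patches without changing the upstream version, so confirm against the package changelog.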


Related issues

Copied from Alpine Linux - Bug #9248: samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140) | Closed | 2018-08-16

Associated revisions

Revision 53e46bd2 (diff)
Added by Leonardo Arena 5 months ago

main/samba: security upgrade to 4.8.4

CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140

Fixes #9250

History

#1 Updated by Alicha CH 5 months ago

  • Copied from Bug #9248: samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140) added

#2 Updated by Anonymous 5 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 5 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)
