Multiple vulnerabilities in Samba

Published: 2018-03-13 11:23:12
Severity Medium
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2018-1050
CVE-2018-1057
CVSSv3 4.6 [CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
7.8 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-20
CWE-284
Exploitation vector Local network
Public exploit N/A
Vulnerable software Samba
Vulnerable software versions Samba 4.7.5
Samba 4.7.4
Samba 4.7.3

Show more

Vendor URL Samba

Security Advisory

1) Improper input validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing RPC requests to the spoolss service. A remote attacker can send a specially crafted RPC request to the affected service and trigger denial of service conditions.

Successful exploitation of the vulnerability requires that the RPC spoolss service services is configured as external daemon.

Remediation

Apply patch from vendors website.

External links

https://www.samba.org/samba/security/CVE-2018-1050.html

2) Improper access control

Description

The vulnerability allows a remote attacker to change password of arbitrary user on the server.

The vulnerability exists due to insufficient validation of user rights when changing passwords. An authenticated attacker can send a specially crated LDAP request to the directory server and change password of arbitrary AD user, including administrative accounts.

Remediation

Apply patch from vendors website.

External links

https://www.samba.org/samba/security/CVE-2018-1057.html

Back to List