SB2018062002 - Red Hat update for samba
Published: June 20, 2018
Security Bulletin ID
SB2018062002
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-1050)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing RPC requests to the spoolss service. A remote attacker can send a specially crafted RPC request to the affected service and trigger denial of service conditions.
Successful exploitation of the vulnerability requires that the RPC spoolss service services is configured as external daemon.
2) Race condition (CVE-ID: CVE-2017-2619)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote authenticated user to access otherwise restricted files.
The vulnerability exists due to a race condition when processing symlinks, which lead to files outside the shared folder. An attacker with ability to crate a symlink on a network share can access files not exported under the share definition.
Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive data, but requires that server is under heavy load.
Remediation
Install update from vendor's website.