SB2018081713 - OpenSUSE Linux update for samba

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018081713

SB2018081713 - OpenSUSE Linux update for samba

Published: August 17, 2018

Security Bulletin ID SB2018081713
CSH Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2018-10858)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libsmbclientwhen processing a list of directory entries, received from the server. A remote attacker can trick the victim to connect to a malicious SMB server, send a long list of directory entries, trigger heap-based buffer overflow and crash the client or execute arbitrary code on the target system.


2) NULL pointer dereference (CVE-ID: CVE-2018-10918)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause denial of service attack.

The vulnerability exists due to a NULL pointer deference error when processing directory attributes from the LDB database layer within the DsCrackNames() function in DRSUAPI RPC server. A remote authenticated attacker can send a specially crafted request to the vulnerable samba server, trigger NULL pointer dereference error and crash the affected server.

Successful exploitation of the vulnerability requires that the Samba is configured as an Active Directory Domain Controller.


3) Information disclosure (CVE-ID: CVE-2018-10919)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing access control checks when displaying values of confidential attributes. A remote authenticated attacker can use LDAP search expression to  obtain both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL (0x80) searchFlags bit and where an explicit Access Control Entry has been specified on the ntSecurityDescriptor.

4) Weakn encryption (CVE-ID: CVE-2018-1139)

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an error that allows usage of NTLMv1 encryption protocol over SMB1 transport, even when NTLMv1 is explicitly disabled.


5) NULL pointer dereference (CVE-ID: CVE-2018-1140)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause denial of service attack.
The vulnerability exists due to improper input validation when processing data from the LDB database layer. A remote attacker can trigger NULL pointer dereference error and cause the LDAP server and DNS server to crash.



Remediation

Install update from vendor's website.

References