SB2018081724 - Fedora 28 update for libldb, samba 




Published: August 17, 2018 Updated: April 24, 2025

Security Bulletin ID: SB2018081724
Severity: High
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 20% Low 80%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Weak encryption (CVE-ID: CVE-2018-1139)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an error that allows use of the NTLMv1 encryption protocol over SMB1 transport, even when NTLMv1 is explicitly disabled.


2) NULL pointer dereference (CVE-ID: CVE-2018-1140)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation when processing data from the LDB database layer. A remote attacker can trigger a NULL pointer dereference and cause the LDAP server and DNS server to crash.



3) Heap-based buffer overflow (CVE-ID: CVE-2018-10858)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libsmbclient when processing a list of directory entries received from the server. A remote attacker can trick the victim into connecting to a malicious SMB server, send a long list of directory entries, trigger a heap-based buffer overflow and crash the client or execute arbitrary code on the target system.


4) NULL pointer dereference (CVE-ID: CVE-2018-10918)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a NULL pointer dereference error when processing directory attributes from the LDB database layer within the DsCrackNames() function in the DRSUAPI RPC server. A remote authenticated attacker can send a specially crafted request to the vulnerable Samba server, trigger a NULL pointer dereference and crash the affected server.

Successful exploitation of the vulnerability requires that Samba is configured as an Active Directory Domain Controller.


5) Information disclosure (CVE-ID: CVE-2018-10919)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing access control checks when displaying values of confidential attributes. A remote authenticated attacker can use LDAP search expressions to obtain attributes, both those where the schema SEARCH_FLAG_CONFIDENTIAL (0x80) searchFlags bit is set and those where an explicit Access Control Entry has been specified on the ntSecurityDescriptor.

Remediation

Install the update from the vendor's website.