SB2018112810 - Debian update for samba

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018112810

SB2018112810 - Debian update for samba

Published: November 28, 2018

Security Bulletin ID SB2018112810
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2018-14629)

The vulnerability allows a local unauthenticated attacker to cause DoS condition.

The vulnerability exists due to infinite query recursion caused by CNAME loops. A local attacker can add any dns record via ldap using the ldbadd tool, trigger infinite loop and cause the server to crash.


2) Double-free error (CVE-ID: CVE-2018-16841)

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The vulnerability exists due to Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ when configured to accept smart-card authentication. A remote attacker can trigger double-free with talloc_free() and directly calls abort() and cause the KDC process to crash.


3) NULL pointer dereference (CVE-ID: CVE-2018-16851)

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The vulnerability exists due to the entries are cached in a single memory object with a maximum size of 256MB during the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client. A remote attacker can trigger NULL pointer dereference in the LDAP service when this size is reached and cause the process to crash.


Remediation

Install update from vendor's website.

References