Gentoo update for Samba
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 20 |
| CVE-ID | CVE-2018-10858 CVE-2018-10918 CVE-2018-10919 CVE-2018-1139 CVE-2018-11396 CVE-2018-1140 CVE-2018-11409 CVE-2018-14629 CVE-2018-16841 CVE-2018-16851 CVE-2018-16852 CVE-2018-16853 CVE-2018-16857 CVE-2018-16860 CVE-2019-10197 CVE-2019-14861 CVE-2019-14870 CVE-2019-14902 CVE-2019-14907 CVE-2019-19344 |
| CWE-ID | CWE-122 CWE-476 CWE-284 CWE-327 CWE-20 CWE-200 CWE-835 CWE-415 CWE-264 CWE-287 CWE-823 CWE-358 CWE-399 CWE-416 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #7 is available. |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 20 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU14333
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-10858
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in libsmbclientwhen processing a list of directory entries, received from the server. A remote attacker can trick the victim to connect to a malicious SMB server, send a long list of directory entries, trigger heap-based buffer overflow and crash the client or execute arbitrary code on the target system.
Update the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU14334
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-10918
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause denial of service attack.
The vulnerability exists due to a NULL pointer deference error when processing directory attributes from the LDB database layer within the DsCrackNames() function in DRSUAPI RPC server. A remote authenticated attacker can send a specially crafted request to the vulnerable samba server, trigger NULL pointer dereference error and crash the affected server.
Successful exploitation of the vulnerability requires that the Samba is configured as an Active Directory Domain Controller.
Update the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU14335
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-10919
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Weakn encryption
EUVDB-ID: #VU14336
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1139
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an error that allows usage of NTLMv1 encryption protocol over SMB1 transport, even when NTLMv1 is explicitly disabled.
MitigationUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU13557
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-11396
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) due to insufficient validation of user-supplied input. A remote attacker can supply JavaScript code, trigger access to a NULL URL, as demonstrated by a crafted window.open call and cause the service to crash.
MitigationUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) NULL pointer dereference
EUVDB-ID: #VU14337
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1140
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU13382
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C]
CVE-ID: CVE-2018-11409
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to unspecified flaw. A remote attacker can append __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key and gain access to arbitrary data.
MitigationUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
8) Infinite loop
EUVDB-ID: #VU16154
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14629
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to cause DoS condition.
The vulnerability exists due to infinite query recursion caused by CNAME loops. A local attacker can add any dns record via ldap using the ldbadd tool, trigger infinite loop and cause the server to crash.
MitigationUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Double-free error
EUVDB-ID: #VU16155
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16841
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition.
The vulnerability exists due to Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ when configured to accept smart-card authentication. A remote attacker can trigger double-free with talloc_free() and directly calls abort() and cause the KDC process to crash.
MitigationUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU16156
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16851
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition.
The vulnerability exists due to the entries are cached in a single memory object with a maximum size of 256MB during the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client. A remote attacker can trigger NULL pointer dereference in the LDAP service when this size is reached and cause the process to crash.
MitigationUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU16158
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16852
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The vulnerability exists due to an error in the internal DNS server or the Samba DLZ plugin for BIND9 during the processing of an DNS zone in the DNS management DCE/RPC server if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set. A remote attacker can NULL pointer dereference and cause the service to crash.
MitigationUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Denial of service
EUVDB-ID: #VU16157
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16853
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition.
The vulnerability exists due to use of experimental MIT Kerberos build of the Samba AD DC. A remote attacker can crash the KDC when Samba is built in the non-default MIT Kerberos configuration.
MitigationUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Security restrictions bypass
EUVDB-ID: #VU16159
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16857
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. A remote attacker can bypass security restrictions and modify arbitrary data.
MitigationUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper Authentication
EUVDB-ID: #VU18438
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16860
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to compromise vulnerable domain.
The vulnerability exists due to an error within the process of obtaining kerberos ticket for a service from the Kerberos Key Distribution Center (KDC) that involves S4U2Self and S4U2Proxy extensions. A remote authenticated user can impersonate another service on the network and obtain elevated privileges within the domain.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable Active Directory implementation.
Update the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU20809
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-10197
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to an error related to caching of responses when the 'wide links' option is explicitly set to 'yes' and either 'unix extensions = no' or 'allow insecure wide links = yes' is set in addition. A remote attacker can that does not have access to a share can send a series of request to an SMB share and gain access to the global root directory on the system.
Successful exploitation of the vulnerability may allow an attacker to read or modify arbitrary files on the system. Note, that unix permissions enforced by kernel will still apply.
Update the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use of out-of-range pointer offset
EUVDB-ID: #VU23507
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14861
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing DNS records in ldb_qsort() and dns_name_compare() function within the dnsserver RPC pipe. A remote authenticated user can register a zone with an existing name but in different register and force Samba to read memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() calls. This will trigger Samba to follow invalid memory as a pointer and lead to DoS of the DNS management server.
Update the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improperly implemented security feature
EUVDB-ID: #VU23470
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14870
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to incorrect implementation of the DelegationNotAllowed Kerberos feature restriction ("delegation_not_allowed" user attribute) that is not applied when processing protocol transmission requests (S4U2Self) in the AD DC KDC. A remote authenticated user can gain access to sensitive information and functionality within the AD domain.
Update the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource management error
EUVDB-ID: #VU24465
Risk: Medium
CVSSv3.1: 4 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14902
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security checks.
The vulnerability exists due to absent full-sync replication that did not allow ACL changes to be replicated to all domain controllers. A remote attacker can gain access to sensitive resources.
Update the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper input validation
EUVDB-ID: #VU24466
Risk: Medium
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14907
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect processing of certain user-controlled string, if logging is enabled at level 3 or above. A remote attacker can send specially crafted data to the Samba DC and terminate Samba RPC server. MitigationUpdate the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU24467
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19344
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error during DNS zone scavenging. A remote attacker can under rare conditions to query DNS and obtain parts of memory that was written into database during zone scavenging process.
Update the affected packages.
net-fs/samba to version: 4.11.6
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202003-52
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
