Vulnerabilities > CVE-2018-1050 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW

Summary

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

Vulnerable Configurations

Part Description Count
OS
Canonical
4
OS
Debian
3
OS
Redhat
6
Application
Samba
182

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1754.NASL
    descriptionVarious vulnerabilities were discovered in Samba, SMB/CIFS file, print, and login server/client for Unix CVE-2017-9461 smbd in Samba had a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. CVE-2018-1050 Samba was vulnerable to a denial of service attack when the RPC spoolss service was configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could have caused the print spooler service to crash. CVE-2018-1057 On a Samba 4 AD DC the LDAP server of Samba incorrectly validated permissions to modify passwords over LDAP allowing authenticated users to change any other users
    last seen2020-06-01
    modified2020-06-02
    plugin id123959
    published2019-04-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123959
    titleDebian DLA-1754-1 : samba security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1754-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123959);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/23");
    
      script_cve_id("CVE-2017-9461", "CVE-2018-1050", "CVE-2018-1057", "CVE-2019-3880");
    
      script_name(english:"Debian DLA-1754-1 : samba security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Various vulnerabilities were discovered in Samba, SMB/CIFS file,
    print, and login server/client for Unix
    
    CVE-2017-9461
    
    smbd in Samba had a denial of service vulnerability (fd_open_atomic
    infinite loop with high CPU usage and memory consumption) due to
    wrongly handling dangling symlinks.
    
    CVE-2018-1050
    
    Samba was vulnerable to a denial of service attack when the RPC
    spoolss service was configured to be run as an external daemon.
    Missing input sanitization checks on some of the input parameters to
    spoolss RPC calls could have caused the print spooler service to
    crash.
    
    CVE-2018-1057
    
    On a Samba 4 AD DC the LDAP server of Samba incorrectly validated
    permissions to modify passwords over LDAP allowing authenticated users
    to change any other users' passwords, including administrative users
    and privileged service accounts (eg Domain Controllers).
    
    Thanks to the Ubuntu security team for having backported the
    rather invasive changeset to Samba in Ubuntu 14.04 (which we
    could use to patch Samba in Debian jessie LTS).
    
    CVE-2019-3880
    
    A flaw was found in the way Samba implemented an RPC endpoint
    emulating the Windows registry service API. An unprivileged attacker
    could have used this flaw to create a new registry hive file anywhere
    they had unix permissions which could have lead to creation of a new
    file in the Samba share.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    2:4.2.14+dfsg-0+deb8u12.
    
    We recommend that you upgrade your samba packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/samba"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1057");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-smbpass");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libparse-pidl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbsharemodes-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbsharemodes0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:registry-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dsdb-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-vfs-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:smbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:winbind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libnss-winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libpam-smbpass", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libpam-winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libparse-pidl-perl", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbclient", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbclient-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbsharemodes-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbsharemodes0", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libwbclient-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libwbclient0", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"python-samba", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"registry-tools", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-common", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-common-bin", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-dbg", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-doc", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-dsdb-modules", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-libs", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-testsuite", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-vfs-modules", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"smbclient", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4135.NASL
    descriptionSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. https://www.samba.org/samba/security/CVE-2018-1050.html - CVE-2018-1057 Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the LDAP server incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users passwords, including administrative users. https://www.samba.org/samba/security/CVE-2018-1057.html https://wiki.samba.org/index.php/CVE-2018-1057
    last seen2020-06-01
    modified2020-06-02
    plugin id108304
    published2018-03-14
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108304
    titleDebian DSA-4135-1 : samba - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4135. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108304);
      script_version("1.6");
      script_cvs_date("Date: 2018/11/13 12:30:46");
    
      script_cve_id("CVE-2018-1050", "CVE-2018-1057");
      script_xref(name:"DSA", value:"4135");
    
      script_name(english:"Debian DSA-4135-1 : samba - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in Samba, a SMB/CIFS
    file, print, and login server for Unix. The Common Vulnerabilities and
    Exposures project identifies the following issues :
    
      - CVE-2018-1050
        It was discovered that Samba is prone to a denial of
        service attack when the RPC spoolss service is
        configured to be run as an external daemon.
    
        https://www.samba.org/samba/security/CVE-2018-1050.html
    
      - CVE-2018-1057
        Bjoern Baumbach from Sernet discovered that on Samba 4
        AD DC the LDAP server incorrectly validates permissions
        to modify passwords over LDAP allowing authenticated
        users to change any other users passwords, including
        administrative users.
    
        https://www.samba.org/samba/security/CVE-2018-1057.html
    
        https://wiki.samba.org/index.php/CVE-2018-1057"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-1050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2018-1050.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-1057"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2018-1057.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://wiki.samba.org/index.php/CVE-2018-1057"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/samba"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/samba"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2018/dsa-4135"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the samba packages.
    
    For the oldstable distribution (jessie), CVE-2018-1050 will be
    addressed in a later update. Unfortunately the changes required to fix
    CVE-2018-1057 for Debian oldstable are too invasive to be backported.
    Users using Samba as an AD-compatible domain controller are encouraged
    to apply the workaround described in the Samba wiki and upgrade to
    Debian stretch.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 2:4.5.12+dfsg-2+deb9u2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"ctdb", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libnss-winbind", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libpam-winbind", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libparse-pidl-perl", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libsmbclient", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libsmbclient-dev", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libwbclient-dev", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libwbclient0", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"python-samba", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"registry-tools", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"samba", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"samba-common", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"samba-common-bin", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"samba-dev", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"samba-dsdb-modules", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"samba-libs", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"samba-testsuite", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"samba-vfs-modules", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"smbclient", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"winbind", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1150.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - samba: Insufficient input validation in libsmbclient (CVE-2018-10858) - samba: NULL pointer dereference in printer server process (CVE-2018-1050) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-02
    plugin id123624
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123624
    titleEulerOS 2.0 SP5 : samba (EulerOS-SA-2019-1150)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123624);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2018-1050",
        "CVE-2018-10858"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : samba (EulerOS-SA-2019-1150)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the samba packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - samba: Insufficient input validation in libsmbclient
        (CVE-2018-10858)
    
      - samba: NULL pointer dereference in printer server
        process (CVE-2018-1050)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1150
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?badcc9b9");
      script_set_attribute(attribute:"solution", value:
    "Update the affected samba packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libwbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-modules");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libsmbclient-4.7.1-9.h2.eulerosv2r7",
            "libwbclient-4.7.1-9.h2.eulerosv2r7",
            "samba-4.7.1-9.h2.eulerosv2r7",
            "samba-client-4.7.1-9.h2.eulerosv2r7",
            "samba-client-libs-4.7.1-9.h2.eulerosv2r7",
            "samba-common-4.7.1-9.h2.eulerosv2r7",
            "samba-common-libs-4.7.1-9.h2.eulerosv2r7",
            "samba-common-tools-4.7.1-9.h2.eulerosv2r7",
            "samba-libs-4.7.1-9.h2.eulerosv2r7",
            "samba-python-4.7.1-9.h2.eulerosv2r7",
            "samba-winbind-4.7.1-9.h2.eulerosv2r7",
            "samba-winbind-clients-4.7.1-9.h2.eulerosv2r7",
            "samba-winbind-modules-4.7.1-9.h2.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1126.NASL
    descriptionA NULL pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash.(CVE-2018-1050) A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client.(CVE-2018-10858) A flaw was found in the way samba allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.(CVE-2018-1139)
    last seen2020-03-28
    modified2018-12-20
    plugin id119781
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119781
    titleAmazon Linux 2 : samba (ALAS-2018-1126)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0774-1.NASL
    descriptionThis update for samba fixes the following issues : - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally (bsc#1081741) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108581
    published2018-03-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108581
    titleSUSE SLES11 Security Update : samba (SUSE-SU-2018:0774-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2613.NASL
    descriptionUpdated samba packages that fix several security issues and provide several bug fixes and an enhancement are now available for Red Hat Gluster Storage 3.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * samba: Weak authentication protocol regression (CVE-2018-1139) * samba: Insufficient input validation in libsmbclient (CVE-2018-10858) * samba: NULL pointer indirection in printer server process (CVE-2018-1050) Red Hat would like to thank the Samba project for reporting CVE-2018-1139 and CVE-2018-1050. Upstream acknowledges Vivek Das (Red Hat) as the original reporter of CVE-2018-1139. For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, sharing a subdirectory of a Gluster volume failed with an I/O error when the shadow_copy2 vfs object was specified. This occurred because Gluster volumes are remote file systems, and shadow_copy2 only detected share paths in the local file system. This update forces the value of shadow:mountpath to
    last seen2020-06-01
    modified2020-06-02
    plugin id117320
    published2018-09-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117320
    titleRHEL 7 : Storage Server (RHSA-2018:2613)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2321-1.NASL
    descriptionThis update for samba fixes the following issues: Security issues fixed : - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). - CVE-2017-14746: Fixed use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Fixed server heap memory information leak (bsc#1063008). - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Bug fixes : - bsc#1027593: Update
    last seen2020-06-01
    modified2020-06-02
    plugin id111742
    published2018-08-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111742
    titleSUSE SLES12 Security Update : samba (SUSE-SU-2018:2321-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0128_SAMBA4.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has samba4 packages installed that are affected by a vulnerability: - A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. (CVE-2018-1050) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127380
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127380
    titleNewStart CGSL MAIN 4.05 : samba4 Vulnerability (NS-SA-2019-0128)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0754-1.NASL
    descriptionSamba was updated to version 4.6.13 to fix several bugs. (bsc#1084191) Security issue fixed : - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally (bsc#1081741). The library talloc was updated to version 2.1.10 : - build, documentation and python3 improvements The library tevent was updated to version 0.9.34 (bsc#1069666); - Remove unused select backend - Fix a race condition in tevent_threaded_schedule_immediate(); (bso#13130); - make tevent_req_print() more robust against crashes - Fix mutex locking in tevent_threaded_context_destructor(). - Re-init threading in tevent_re_initialise(). - Include the finish location in tevent_req_default_print(). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108529
    published2018-03-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108529
    titleSUSE SLED12 / SLES12 Security Update : samba, talloc, tevent (SUSE-SU-2018:0754-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1883.NASL
    descriptionFrom Red Hat Security Advisory 2018:1883 : An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * samba: NULL pointer indirection in printer server process (CVE-2018-1050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Samba project for reporting this issue. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110705
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110705
    titleOracle Linux 6 : samba4 (ELSA-2018-1883)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1273.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. (CVE-2018-1050) - A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client.(CVE-2018-10858) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123741
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123741
    titleEulerOS Virtualization 2.5.3 : samba (EulerOS-SA-2019-1273)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1883.NASL
    descriptionAn update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * samba: NULL pointer indirection in printer server process (CVE-2018-1050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Samba project for reporting this issue. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110649
    published2018-06-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110649
    titleCentOS 6 : samba4 (CESA-2018:1883)
  • NASL familyMisc.
    NASL idSAMBA_4_7_6.NASL
    descriptionThe version of Samba running on the remote host is 4.5.x prior to 4.5.16, or 4.6.x prior to 4.6.14, or 4.7.x prior to 4.7.6. It is, therefore, affected by a remote DoS and a remote password manipulation vulnerability. Note: Refer to the advisories for possible workarounds. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id108378
    published2018-03-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108378
    titleSamba 4.5.x < 4.5.16 / 4.6.x < 4.6.14 / 4.7.x < 4.7.6 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1408.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash.(CVE-2018-1050) - A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. (CVE-2018-10858) - A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code.(CVE-2017-14746) - A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server.(CVE-2017-15275) - It was found that samba did not enforce
    last seen2020-06-01
    modified2020-06-02
    plugin id124911
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124911
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : samba (EulerOS-SA-2019-1408)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1883.NASL
    descriptionAn update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * samba: NULL pointer indirection in printer server process (CVE-2018-1050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Samba project for reporting this issue. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110604
    published2018-06-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110604
    titleRHEL 6 : samba4 (RHSA-2018:1883)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1126.NASL
    descriptionA NULL pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. (CVE-2018-1050) A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. (CVE-2018-10858) A flaw was found in the way samba allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. (CVE-2018-1139)
    last seen2020-03-17
    modified2019-01-25
    plugin id121359
    published2019-01-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121359
    titleAmazon Linux AMI : samba (ALAS-2018-1126)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181030_SAMBA_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - samba: Weak authentication protocol regression (CVE-2018-1139) - samba: Insufficient input validation in libsmbclient (CVE-2018-10858) - samba: NULL pointer dereference in printer server process (CVE-2018-1050)
    last seen2020-03-18
    modified2018-11-27
    plugin id119198
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119198
    titleScientific Linux Security Update : samba on SL7.x x86_64 (20181030)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_FB26F78A26A911E8A1C200505689D4AE.NASL
    descriptionThe samba project reports : Missing NULL pointer checks may crash the external print server process. On a Samba 4 AD DC any authenticated user can change other user
    last seen2020-06-01
    modified2020-06-02
    plugin id108316
    published2018-03-14
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108316
    titleFreeBSD : samba -- multiple vulnerabilities (fb26f78a-26a9-11e8-a1c2-00505689d4ae)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3595-1.NASL
    descriptionBjorn Baumbach discovered that Samba incorrectly validated permissions when changing account passwords via LDAP. An authenticated attacker could use this issue to change the password of other users, including administrators, and perform actions as those users. (CVE-2018-1057) It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. (CVE-2018-1050). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108335
    published2018-03-14
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108335
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 : samba vulnerabilities (USN-3595-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0832-1.NASL
    descriptionThis update for samba fixes the following issues : - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally (bsc#1081741) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108687
    published2018-03-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108687
    titleSUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2018:0832-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180619_SAMBA4_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - samba: NULL pointer indirection in printer server process (CVE-2018-1050)
    last seen2020-03-18
    modified2018-07-03
    plugin id110890
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110890
    titleScientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20180619)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1125.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - samba: Insufficient input validation in libsmbclient (CVE-2018-10858) - samba: NULL pointer dereference in printer server process (CVE-2018-1050) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-02
    plugin id123599
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123599
    titleEulerOS 2.0 SP2 : samba (EulerOS-SA-2019-1125)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10917_184R1.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id121068
    published2019-01-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121068
    titleJuniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1860.NASL
    descriptionAn update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * samba: NULL pointer indirection in printer server process (CVE-2018-1050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Samba project for reporting this issue. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110646
    published2018-06-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110646
    titleCentOS 6 : samba (CESA-2018:1860)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1860.NASL
    descriptionFrom Red Hat Security Advisory 2018:1860 : An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * samba: NULL pointer indirection in printer server process (CVE-2018-1050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Samba project for reporting this issue. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110702
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110702
    titleOracle Linux 6 : samba (ELSA-2018-1860)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180619_SAMBA_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - samba: NULL pointer indirection in printer server process (CVE-2018-1050)
    last seen2020-03-18
    modified2018-07-03
    plugin id110891
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110891
    titleScientific Linux Security Update : samba on SL6.x i386/x86_64 (20180619)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2339-1.NASL
    descriptionThis update for samba fixes the following issues: The following security issues were fixed : - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111785
    published2018-08-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111785
    titleSUSE SLES12 Security Update : samba (SUSE-SU-2018:2339-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0134_SAMBA.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has samba packages installed that are affected by a vulnerability: - A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. (CVE-2018-1050) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127392
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127392
    titleNewStart CGSL MAIN 4.05 : samba Vulnerability (NS-SA-2019-0134)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2612.NASL
    descriptionUpdated samba packages that fix several security issues and provide several bug fixes and an enhancement are now available for Red Hat Gluster Storage 3.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * samba: Weak authentication protocol regression (CVE-2018-1139) * samba: Insufficient input validation in libsmbclient (CVE-2018-10858) * samba: NULL pointer indirection in printer server process (CVE-2018-1050) Red Hat would like to thank the Samba project for reporting CVE-2018-1139 and CVE-2018-1050. Upstream acknowledges Vivek Das (Red Hat) as the original reporter of CVE-2018-1139. For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, sharing a subdirectory of a Gluster volume failed with an I/O error when the shadow_copy2 vfs object was specified. This occurred because Gluster volumes are remote file systems, and shadow_copy2 only detected share paths in the local file system. This update forces the value of shadow:mountpath to '/', skipping the code related to mount point detection, and preventing this problem. However, this fix requires that the glusterfs vfs object is listed after the shadow_copy2 vfs object in the smb.conf file. (BZ#1379444) * As of Red Hat Gluster Storage 3.4, the libldb package is no longer shipped as an independent package in the Red Hat Gluster Storage Samba channel. The capabilities of the libldb package are now provided by a combination of the samba-client and samba-client-libs packages. In addition, the sub-packages previously provided by libldb are now provided by the samba-client and samba-client-libs packages. The samba-client sub-package provides ldb-tools, and the samba-client-libs sub-package provides pyldb. (BZ# 1592794) Enhancement(s) : * Red Hat Gluster Storage volumes exported using SMB can now be mounted on macOS clients using Finder. Configuration instructions are provided as part of the Red Hat Gluster Storage 3.4 documentation. (BZ#1446125) Red Hat strongly recommends upgrading to these updated packages. Disabled on 2018/11/06. Detection of Gluster Storage Server on RHEL 6 is no longer possible due to changes in Gluster package versioning.
    last seen2019-02-21
    modified2018-11-07
    plugin id117319
    published2018-09-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=117319
    titleRHEL 6 : Storage Server (RHSA-2018:2612) (deprecated)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-C5C651AC44.NASL
    descriptionSecurity fix for CVE-2018-1050 CVE-2018-1057 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-03-15
    plugin id108349
    published2018-03-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108349
    titleFedora 27 : 2:samba / libldb (2018-c5c651ac44)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3056.NASL
    descriptionAn update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.8.3). (BZ#1558560) Security Fix(es) : * samba: Weak authentication protocol regression (CVE-2018-1139) * samba: Insufficient input validation in libsmbclient (CVE-2018-10858) * samba: NULL pointer dereference in printer server process (CVE-2018-1050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Samba project for reporting CVE-2018-1050. The CVE-2018-1139 issue was discovered by Vivek Das (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-03-28
    modified2018-12-17
    plugin id119691
    published2018-12-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119691
    titleCentOS 7 : samba (CESA-2018:3056)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3056.NASL
    descriptionFrom Red Hat Security Advisory 2018:3056 : An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.8.3). (BZ#1558560) Security Fix(es) : * samba: Weak authentication protocol regression (CVE-2018-1139) * samba: Insufficient input validation in libsmbclient (CVE-2018-10858) * samba: NULL pointer dereference in printer server process (CVE-2018-1050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Samba project for reporting CVE-2018-1050. The CVE-2018-1139 issue was discovered by Vivek Das (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118766
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118766
    titleOracle Linux 7 : samba (ELSA-2018-3056)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201805-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201805-07 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id109974
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109974
    titleGLSA-201805-07 : Samba: Multiple vulnerabilities (SambaCry)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2339-2.NASL
    descriptionThis update for samba fixes the following issues : The following security issues were fixed : CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118282
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118282
    titleSUSE SLES12 Security Update : samba (SUSE-SU-2018:2339-2)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0069_SAMBA.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has samba packages installed that are affected by multiple vulnerabilities: - A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. (CVE-2018-1050) - A flaw was found in the way samba allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. (CVE-2018-1139) - A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. (CVE-2018-10858) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127271
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127271
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : samba Multiple Vulnerabilities (NS-SA-2019-0069)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1860.NASL
    descriptionAn update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * samba: NULL pointer indirection in printer server process (CVE-2018-1050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Samba project for reporting this issue. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110601
    published2018-06-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110601
    titleRHEL 6 : samba (RHSA-2018:1860)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1342.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.(CVE-2018-1050) - A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.(CVE-2018-10858) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-05-06
    plugin id124628
    published2019-05-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124628
    titleEulerOS 2.0 SP3 : samba (EulerOS-SA-2019-1342)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-7D0ACD608B.NASL
    descriptionSecurity fix for CVE-2018-1050 CVE-2018-1057 ---- Update to Samba 4.6.13 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-03-21
    plugin id108501
    published2018-03-21
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108501
    titleFedora 26 : 2:samba (2018-7d0acd608b)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1320.NASL
    descriptionSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Thanks for Jeremy Allison for the patch. https://www.samba.org/samba/security/CVE-2018-1050.html For Debian 7
    last seen2020-03-17
    modified2018-03-28
    plugin id108661
    published2018-03-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108661
    titleDebian DLA-1320-1 : samba security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-300.NASL
    descriptionSamba was updated to version 4.6.13 to fix several bugs. (bsc#1084191) Security issue fixed : - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally (bsc#1081741). The library talloc was updated to version 2.1.10 : - build, documentation and python3 improvements The library tevent was updated to version 0.9.34 (bsc#1069666); - Remove unused select backend - Fix a race condition in tevent_threaded_schedule_immediate(); (bso#13130); - make tevent_req_print() more robust against crashes - Fix mutex locking in tevent_threaded_context_destructor(). - Re-init threading in tevent_re_initialise(). - Include the finish location in tevent_req_default_print(). This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen2020-06-05
    modified2018-03-27
    plugin id108630
    published2018-03-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108630
    titleopenSUSE Security Update : samba / talloc / tevent (openSUSE-2018-300)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3056.NASL
    descriptionAn update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.8.3). (BZ#1558560) Security Fix(es) : * samba: Weak authentication protocol regression (CVE-2018-1139) * samba: Insufficient input validation in libsmbclient (CVE-2018-10858) * samba: NULL pointer dereference in printer server process (CVE-2018-1050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Samba project for reporting CVE-2018-1050. The CVE-2018-1139 issue was discovered by Vivek Das (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118519
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118519
    titleRHEL 7 : samba (RHSA-2018:3056)

Redhat

advisories
  • bugzilla
    id1538771
    titleCVE-2018-1050 samba: NULL pointer dereference in printer server process
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentsamba-winbind-clients is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860001
          • commentsamba-winbind-clients is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258018
        • AND
          • commentlibsmbclient is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860003
          • commentlibsmbclient is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258012
        • AND
          • commentsamba-winbind is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860005
          • commentsamba-winbind is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258010
        • AND
          • commentsamba-client is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860007
          • commentsamba-client is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258014
        • AND
          • commentsamba-common is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860009
          • commentsamba-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258006
        • AND
          • commentsamba is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860011
          • commentsamba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258022
        • AND
          • commentlibsmbclient-devel is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860013
          • commentlibsmbclient-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258034
        • AND
          • commentsamba-winbind-devel is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860015
          • commentsamba-winbind-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100860014
        • AND
          • commentsamba-doc is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860017
          • commentsamba-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100860008
        • AND
          • commentsamba-swat is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860019
          • commentsamba-swat is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100860010
        • AND
          • commentsamba-winbind-krb5-locator is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860021
          • commentsamba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152258004
        • AND
          • commentsamba-domainjoin-gui is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860023
          • commentsamba-domainjoin-gui is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100860002
        • AND
          • commentsamba-glusterfs is earlier than 0:3.6.23-51.el6
            ovaloval:com.redhat.rhsa:tst:20181860025
          • commentsamba-glusterfs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150251026
    rhsa
    idRHSA-2018:1860
    released2018-06-19
    severityLow
    titleRHSA-2018:1860: samba security and bug fix update (Low)
  • bugzilla
    id1538771
    titleCVE-2018-1050 samba: NULL pointer dereference in printer server process
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentsamba4-devel is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883001
          • commentsamba4-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506020
        • AND
          • commentsamba4-winbind-krb5-locator is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883003
          • commentsamba4-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506018
        • AND
          • commentsamba4-dc-libs is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883005
          • commentsamba4-dc-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506004
        • AND
          • commentsamba4-pidl is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883007
          • commentsamba4-pidl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506008
        • AND
          • commentsamba4-client is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883009
          • commentsamba4-client is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506002
        • AND
          • commentsamba4-winbind is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883011
          • commentsamba4-winbind is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506026
        • AND
          • commentsamba4 is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883013
          • commentsamba4 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506006
        • AND
          • commentsamba4-python is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883015
          • commentsamba4-python is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506024
        • AND
          • commentsamba4-winbind-clients is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883017
          • commentsamba4-winbind-clients is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506022
        • AND
          • commentsamba4-dc is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883019
          • commentsamba4-dc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506016
        • AND
          • commentsamba4-test is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883021
          • commentsamba4-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506012
        • AND
          • commentsamba4-libs is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883023
          • commentsamba4-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506014
        • AND
          • commentsamba4-common is earlier than 0:4.2.10-15.el6
            ovaloval:com.redhat.rhsa:tst:20181883025
          • commentsamba4-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130506028
    rhsa
    idRHSA-2018:1883
    released2018-06-19
    severityLow
    titleRHSA-2018:1883: samba4 security and bug fix update (Low)
  • rhsa
    idRHSA-2018:2612
  • rhsa
    idRHSA-2018:2613
  • rhsa
    idRHSA-2018:3056
rpms
  • libsmbclient-0:3.6.23-51.el6
  • libsmbclient-devel-0:3.6.23-51.el6
  • samba-0:3.6.23-51.el6
  • samba-client-0:3.6.23-51.el6
  • samba-common-0:3.6.23-51.el6
  • samba-debuginfo-0:3.6.23-51.el6
  • samba-doc-0:3.6.23-51.el6
  • samba-domainjoin-gui-0:3.6.23-51.el6
  • samba-glusterfs-0:3.6.23-51.el6
  • samba-swat-0:3.6.23-51.el6
  • samba-winbind-0:3.6.23-51.el6
  • samba-winbind-clients-0:3.6.23-51.el6
  • samba-winbind-devel-0:3.6.23-51.el6
  • samba-winbind-krb5-locator-0:3.6.23-51.el6
  • samba4-0:4.2.10-15.el6
  • samba4-client-0:4.2.10-15.el6
  • samba4-common-0:4.2.10-15.el6
  • samba4-dc-0:4.2.10-15.el6
  • samba4-dc-libs-0:4.2.10-15.el6
  • samba4-debuginfo-0:4.2.10-15.el6
  • samba4-devel-0:4.2.10-15.el6
  • samba4-libs-0:4.2.10-15.el6
  • samba4-pidl-0:4.2.10-15.el6
  • samba4-python-0:4.2.10-15.el6
  • samba4-test-0:4.2.10-15.el6
  • samba4-winbind-0:4.2.10-15.el6
  • samba4-winbind-clients-0:4.2.10-15.el6
  • samba4-winbind-krb5-locator-0:4.2.10-15.el6
  • ctdb-0:4.7.5-110.el6rhs
  • libsmbclient-0:4.7.5-110.el6rhs
  • libsmbclient-devel-0:4.7.5-110.el6rhs
  • libtalloc-0:2.1.11-1.el6rhs
  • libtalloc-debuginfo-0:2.1.11-1.el6rhs
  • libtalloc-devel-0:2.1.11-1.el6rhs
  • libtdb-0:1.3.15-4.el6rhs
  • libtdb-debuginfo-0:1.3.15-4.el6rhs
  • libtdb-devel-0:1.3.15-4.el6rhs
  • libtevent-0:0.9.35-1.el6rhs
  • libtevent-debuginfo-0:0.9.35-1.el6rhs
  • libtevent-devel-0:0.9.35-1.el6rhs
  • libwbclient-0:4.7.5-110.el6rhs
  • libwbclient-devel-0:4.7.5-110.el6rhs
  • pytalloc-0:2.1.11-1.el6rhs
  • pytalloc-devel-0:2.1.11-1.el6rhs
  • python-tdb-0:1.3.15-4.el6rhs
  • python-tevent-0:0.9.35-1.el6rhs
  • samba-0:4.7.5-110.el6rhs
  • samba-client-0:4.7.5-110.el6rhs
  • samba-client-libs-0:4.7.5-110.el6rhs
  • samba-common-0:4.7.5-110.el6rhs
  • samba-common-libs-0:4.7.5-110.el6rhs
  • samba-common-tools-0:4.7.5-110.el6rhs
  • samba-dc-0:4.7.5-110.el6rhs
  • samba-dc-libs-0:4.7.5-110.el6rhs
  • samba-debuginfo-0:4.7.5-110.el6rhs
  • samba-devel-0:4.7.5-110.el6rhs
  • samba-krb5-printing-0:4.7.5-110.el6rhs
  • samba-libs-0:4.7.5-110.el6rhs
  • samba-pidl-0:4.7.5-110.el6rhs
  • samba-python-0:4.7.5-110.el6rhs
  • samba-vfs-glusterfs-0:4.7.5-110.el6rhs
  • samba-winbind-0:4.7.5-110.el6rhs
  • samba-winbind-clients-0:4.7.5-110.el6rhs
  • samba-winbind-krb5-locator-0:4.7.5-110.el6rhs
  • samba-winbind-modules-0:4.7.5-110.el6rhs
  • tdb-tools-0:1.3.15-4.el6rhs
  • ctdb-0:4.7.5-110.el7rhgs
  • libsmbclient-0:4.7.5-110.el7rhgs
  • libsmbclient-devel-0:4.7.5-110.el7rhgs
  • libtalloc-0:2.1.11-1.el7rhgs
  • libtalloc-debuginfo-0:2.1.11-1.el7rhgs
  • libtalloc-devel-0:2.1.11-1.el7rhgs
  • libtdb-0:1.3.15-4.el7rhgs
  • libtdb-debuginfo-0:1.3.15-4.el7rhgs
  • libtdb-devel-0:1.3.15-4.el7rhgs
  • libtevent-0:0.9.35-1.el7rhgs
  • libtevent-debuginfo-0:0.9.35-1.el7rhgs
  • libtevent-devel-0:0.9.35-1.el7rhgs
  • libwbclient-0:4.7.5-110.el7rhgs
  • libwbclient-devel-0:4.7.5-110.el7rhgs
  • pytalloc-0:2.1.11-1.el7rhgs
  • pytalloc-devel-0:2.1.11-1.el7rhgs
  • python-tdb-0:1.3.15-4.el7rhgs
  • python-tevent-0:0.9.35-1.el7rhgs
  • samba-0:4.7.5-110.el7rhgs
  • samba-client-0:4.7.5-110.el7rhgs
  • samba-client-libs-0:4.7.5-110.el7rhgs
  • samba-common-0:4.7.5-110.el7rhgs
  • samba-common-libs-0:4.7.5-110.el7rhgs
  • samba-common-tools-0:4.7.5-110.el7rhgs
  • samba-dc-0:4.7.5-110.el7rhgs
  • samba-dc-libs-0:4.7.5-110.el7rhgs
  • samba-debuginfo-0:4.7.5-110.el7rhgs
  • samba-devel-0:4.7.5-110.el7rhgs
  • samba-krb5-printing-0:4.7.5-110.el7rhgs
  • samba-libs-0:4.7.5-110.el7rhgs
  • samba-pidl-0:4.7.5-110.el7rhgs
  • samba-python-0:4.7.5-110.el7rhgs
  • samba-vfs-glusterfs-0:4.7.5-110.el7rhgs
  • samba-winbind-0:4.7.5-110.el7rhgs
  • samba-winbind-clients-0:4.7.5-110.el7rhgs
  • samba-winbind-krb5-locator-0:4.7.5-110.el7rhgs
  • samba-winbind-modules-0:4.7.5-110.el7rhgs
  • tdb-tools-0:1.3.15-4.el7rhgs
  • cmocka-debuginfo-0:1.1.1-1.el7
  • ctdb-0:4.8.3-4.el7
  • ctdb-tests-0:4.8.3-4.el7
  • libcmocka-0:1.1.1-1.el7
  • libcmocka-devel-0:1.1.1-1.el7
  • libcmocka-static-0:1.1.1-1.el7
  • libsmbclient-0:4.8.3-4.el7
  • libsmbclient-devel-0:4.8.3-4.el7
  • libwbclient-0:4.8.3-4.el7
  • libwbclient-devel-0:4.8.3-4.el7
  • python-iso8601-0:0.1.11-2.el7
  • samba-0:4.8.3-4.el7
  • samba-client-0:4.8.3-4.el7
  • samba-client-libs-0:4.8.3-4.el7
  • samba-common-0:4.8.3-4.el7
  • samba-common-libs-0:4.8.3-4.el7
  • samba-common-tools-0:4.8.3-4.el7
  • samba-dc-0:4.8.3-4.el7
  • samba-dc-libs-0:4.8.3-4.el7
  • samba-debuginfo-0:4.8.3-4.el7
  • samba-devel-0:4.8.3-4.el7
  • samba-krb5-printing-0:4.8.3-4.el7
  • samba-libs-0:4.8.3-4.el7
  • samba-pidl-0:4.8.3-4.el7
  • samba-python-0:4.8.3-4.el7
  • samba-python-test-0:4.8.3-4.el7
  • samba-test-0:4.8.3-4.el7
  • samba-test-libs-0:4.8.3-4.el7
  • samba-vfs-glusterfs-0:4.8.3-4.el7
  • samba-winbind-0:4.8.3-4.el7
  • samba-winbind-clients-0:4.8.3-4.el7
  • samba-winbind-krb5-locator-0:4.8.3-4.el7
  • samba-winbind-modules-0:4.8.3-4.el7

The Hacker News

idTHN:9AF63A5439FB2614532C19DFE04ACC6B
last seen2018-03-13
modified2018-03-13
published2018-03-12
reporterMohit Kumar
sourcehttps://thehackernews.com/2018/03/samba-server-vulnerability.html
titleUpdate Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities

References