SB2018090406 - Red Hat update for samba 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018090406

SB2018090406 - Red Hat update for samba

Published: September 4, 2018

Security Bulletin ID SB2018090406
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2018-1050)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing RPC requests to the spoolss service. A remote attacker can send a specially crafted RPC request to the affected service and trigger denial of service conditions.

Successful exploitation of the vulnerability requires that the RPC spoolss service services is configured as external daemon.

2) Weakn encryption (CVE-ID: CVE-2018-1139)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an error that allows usage of NTLMv1 encryption protocol over SMB1 transport, even when NTLMv1 is explicitly disabled.


3) Heap-based buffer overflow (CVE-ID: CVE-2018-10858)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libsmbclientwhen processing a list of directory entries, received from the server. A remote attacker can trick the victim to connect to a malicious SMB server, send a long list of directory entries, trigger heap-based buffer overflow and crash the client or execute arbitrary code on the target system.


Remediation

Install update from vendor's website.

References