Heap-based buffer overflow in Samba

#VU14333 Heap-based buffer overflow in Samba

Cybersecurity Help s.r.o.

Published: 2018-08-14

Vulnerability identifier: #VU14333

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10858

CWE-ID: CWE-122

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libsmbclientwhen processing a list of directory entries, received from the server. A remote attacker can trick the victim to connect to a malicious SMB server, send a long list of directory entries, trigger heap-based buffer overflow and crash the client or execute arbitrary code on the target system.

Mitigation

Update to version 4.6.16, 4.7.9, or 4.8.4.

Vulnerable software versions

Samba: 4.8.0 - 4.8.3, 4.7.0 - 4.7.8, 4.6.0 - 4.6.15, 4.5.0 - 4.5.16, 4.4.0 - 4.4.16, 4.3.0 - 4.3.13, 4.2.0 - 4.2.14, 4.1.0 - 4.1.23, 4.0.0 - 4.0.26, 3.6.0 - 3.6.25, 3.5.0 - 3.5.22, 3.4.0 - 3.4.17, 3.3.0 - 3.3.16, 3.2.0 - 3.2.15

External links
http://www.samba.org/samba/security/CVE-2018-10858.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Samba

Amazon Linux AMI update for samba

Red Hat update for samba

Slackware Linux update for samba

OpenSUSE Linux update for samba

Heap-based buffer overflow in samba (Alpine package)

Debian update for samba