CVE-2018-14629
https://notcve.org/view.php?id=CVE-2018-14629
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. Se ha descubierto una vulnerabilidad de denegación de servicio (DoS) en el servidor LDAP de Samba en versiones anteriores a la 4.7.12, 4.8.7, y 4.9.3. Un bucle CNAME podría conducir a una recursión infinita en el servidor. • http://www.securityfocus.com/bid/106022 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14629 https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html https://security.gentoo.org/glsa/202003-52 https://security.netapp.com/advisory/ntap-20181127-0001 https://usn.ubuntu.com/3827-1 https://usn.ubuntu.com/3827-2 https://www.debian.org/security/2018/dsa-4345 https://www.samba.org/samba/security/CVE-2018-14629.html • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2018-10919
https://notcve.org/view.php?id=CVE-2018-10919
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. El servidor Samba Active Directory LDAP era vulnerable a una divulgación de información debido a la ausencia de comprobaciones de control de acceso. Un atacante autenticado podría utilizar este fallo para extraer valores de atributo confidenciales utilizando expresiones de búsqueda LDAP. • http://www.securityfocus.com/bid/105081 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919 https://security.gentoo.org/glsa/202003-52 https://security.netapp.com/advisory/ntap-20180814-0001 https://usn.ubuntu.com/3738-1 https://www.debian.org/security/2018/dsa-4271 https://www.samba.org/samba/security/CVE-2018-10919.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2018-10858 – samba: Insufficient input validation in libsmbclient
https://notcve.org/view.php?id=CVE-2018-10858
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. Se ha descubierto un desbordamiento de búfer en la manera en la que los clientes de samba procesaban nombres de archivo excesivamente largos en un listado de directorios. Un servidor samba malicioso podría utilizar este defecto para provocar la ejecución de código arbitrario en un cliente de samba. • http://www.securityfocus.com/bid/105085 http://www.securitytracker.com/id/1042002 https://access.redhat.com/errata/RHSA-2018:2612 https://access.redhat.com/errata/RHSA-2018:2613 https://access.redhat.com/errata/RHSA-2018:3056 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858 https://kc.mcafee.com/corporate/index?page=content&id=SB10284 https://security.gentoo.org/glsa/202003-52 https://security.netapp.com/advisory • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-1050 – samba: NULL pointer dereference in printer server process
https://notcve.org/view.php?id=CVE-2018-1050
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. Todas las versiones de Samba, desde la 4.0.0 en adelante, son vulnerables a un ataque de denegación de servicio (DoS) cuando el servicio RPC spoolss se configura para ejecutarse como demonio externo. La falta de comprobaciones de saneamiento de entradas en algunos de los parámetros de entrada en las llamadas RPC spoolss podrían provocar que el servicio print spooler se cierre inesperadamente. A null pointer dereference flaw was found in Samba RPC external printer service. • http://www.securityfocus.com/bid/103387 http://www.securitytracker.com/id/1040493 https://access.redhat.com/errata/RHSA-2018:1860 https://access.redhat.com/errata/RHSA-2018:1883 https://access.redhat.com/errata/RHSA-2018:2612 https://access.redhat.com/errata/RHSA-2018:2613 https://access.redhat.com/errata/RHSA-2018:3056 https://bugzilla.redhat.com/show_bug.cgi?id=1538771 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6. • CWE-476: NULL Pointer Dereference •
CVE-2018-1057
https://notcve.org/view.php?id=CVE-2018-1057
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). En Samba 4 AD DC, el servidor LDAP en todas las versiones de Samba, desde la 4.0.0 en adelante, valida incorrectamente los permisos para modificar contraseñas por LDAP. Esto permite que usuarios autenticados cambien las contraseñas de cualquier otro usuario, incluyendo usuarios administrativos y cuentas de servicio privilegiadas (por ejemplo, Domain Controllers). • http://www.securityfocus.com/bid/103382 http://www.securitytracker.com/id/1040494 https://bugzilla.redhat.com/show_bug.cgi?id=1553553 https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html https://security.gentoo.org/glsa/201805-07 https://security.netapp.com/advisory/ntap-20180313-0001 https://usn.ubuntu.com/3595-1 https://www.debian.org/security/2018/dsa-4135 https://www.samba.org/samba/security/CVE-2018-1057.html https://www.synology.com/support/security& • CWE-863: Incorrect Authorization •