CVE-2018-10858
samba: Insufficient input validation in libsmbclient
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Se ha descubierto un desbordamiento de búfer en la manera en la que los clientes de samba procesaban nombres de archivo excesivamente largos en un listado de directorios. Un servidor samba malicioso podría utilizar este defecto para provocar la ejecución de código arbitrario en un cliente de samba. Las versiones 4.6.16, 4.7.9 y 4.8.4 de samba son vulnerables.
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-09 CVE Reserved
- 2018-08-14 CVE Published
- 2024-08-01 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (15)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/105085 | Third Party Advisory | |
http://www.securitytracker.com/id/1042002 | Third Party Advisory | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858 | Issue Tracking | |
https://kc.mcafee.com/corporate/index?page=content&id=SB10284 | X_refsource_confirm | |
https://security.netapp.com/advisory/ntap-20180814-0001 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:2612 | 2019-06-26 | |
https://access.redhat.com/errata/RHSA-2018:2613 | 2019-06-26 | |
https://access.redhat.com/errata/RHSA-2018:3056 | 2019-06-26 | |
https://access.redhat.com/errata/RHSA-2018:3470 | 2019-06-26 | |
https://security.gentoo.org/glsa/202003-52 | 2019-06-26 | |
https://usn.ubuntu.com/3738-1 | 2019-06-26 | |
https://www.debian.org/security/2018/dsa-4271 | 2019-06-26 | |
https://www.samba.org/samba/security/CVE-2018-10858.html | 2019-06-26 | |
https://access.redhat.com/security/cve/CVE-2018-10858 | 2018-11-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1612805 | 2018-11-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | < 4.6.16 Search vendor "Samba" for product "Samba" and version " < 4.6.16" | - |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.7.0 < 4.7.9 Search vendor "Samba" for product "Samba" and version " >= 4.7.0 < 4.7.9" | - |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.8.0 < 4.8.4 Search vendor "Samba" for product "Samba" and version " >= 4.8.0 < 4.8.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Virtualization Search vendor "Redhat" for product "Virtualization" | 4.0 Search vendor "Redhat" for product "Virtualization" and version "4.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Virtualization Host Search vendor "Redhat" for product "Virtualization Host" | 4.0 Search vendor "Redhat" for product "Virtualization Host" and version "4.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
|