Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-1754-1:AE022
HistoryApr 09, 2019 - 8:33 p.m.

[SECURITY] [DLA 1754-1] samba security update

2019-04-0920:33:14
lists.debian.org
106

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

60.6%

JSON

Package : samba
Version : 2:4.2.14+dfsg-0+deb8u12
CVE ID : CVE-2017-9461 CVE-2018-1050 CVE-2018-1057 CVE-2019-3880

Various vulnerabilities were discovered in Samba, SMB/CIFS file, print,
and login server/client for Unix

CVE-2017-9461

smbd in Samba had a denial of service vulnerability (fd_open_atomic
infinite loop with high CPU usage and memory consumption) due to
wrongly handling dangling symlinks.

CVE-2018-1050

Samba was vulnerable to a denial of service attack when the RPC
spoolss service was configured to be run as an external daemon.
Missing input sanitization checks on some of the input parameters to
spoolss RPC calls could have caused the print spooler service to
crash.

CVE-2018-1057

On a Samba 4 AD DC the LDAP server of Samba incorrectly validated
permissions to modify passwords over LDAP allowing authenticated
users to change any other users' passwords, including administrative
users and privileged service accounts (eg Domain Controllers).

Thanks to the Ubuntu security team for having backported the rather
invasive changeset to Samba in Ubuntu 14.04 (which we could use to
patch Samba in Debian jessie LTS).

CVE-2019-3880

A flaw was found in the way Samba implemented an RPC endpoint
emulating the Windows registry service API. An unprivileged attacker
could have used this flaw to create a new registry hive file anywhere
they had unix permissions which could have lead to creation of a new
file in the Samba share.

For Debian 8 "Jessie", these problems have been fixed in version
2:4.2.14+dfsg-0+deb8u12.

We recommend that you upgrade your samba packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

–

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: [email protected], http://sunweavers.net

Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9mipselpython-samba-dbgsym< 2:4.5.16+dfsg-1+deb9u1python-samba-dbgsym_2:4.5.16+dfsg-1+deb9u1_mipsel.deb
Debian9mipselregistry-tools< 2:4.5.16+dfsg-1+deb9u1registry-tools_2:4.5.16+dfsg-1+deb9u1_mipsel.deb
Debian9armhfregistry-tools-dbgsym< 2:4.5.16+dfsg-1+deb9u1registry-tools-dbgsym_2:4.5.16+dfsg-1+deb9u1_armhf.deb
Debian9mipselsamba-testsuite< 2:4.5.16+dfsg-1+deb9u1samba-testsuite_2:4.5.16+dfsg-1+deb9u1_mipsel.deb
Debian9mipsellibsmbclient-dev< 2:4.5.16+dfsg-1+deb9u1libsmbclient-dev_2:4.5.16+dfsg-1+deb9u1_mipsel.deb
Debian9mipselsamba-vfs-modules< 2:4.5.16+dfsg-1+deb9u1samba-vfs-modules_2:4.5.16+dfsg-1+deb9u1_mipsel.deb
Debian8armelwinbind< 2:4.2.14+dfsg-0+deb8u12winbind_2:4.2.14+dfsg-0+deb8u12_armel.deb
Debian9armhfsamba-dev< 2:4.5.16+dfsg-1+deb9u1samba-dev_2:4.5.16+dfsg-1+deb9u1_armhf.deb
Debian9i386libwbclient-dev< 2:4.5.16+dfsg-1+deb9u1libwbclient-dev_2:4.5.16+dfsg-1+deb9u1_i386.deb
Debian9mipssamba-common-bin< 2:4.5.16+dfsg-1+deb9u1samba-common-bin_2:4.5.16+dfsg-1+deb9u1_mips.deb
Rows per page:
1-10 of 4291

Related

osv 8
nessus 60
openvas 36
cisa 1
altlinux 6
thn 1
fedora 3
ubuntu 5
debian 5
mageia 1
archlinux 1
ibm 10
threatpost 1
freebsd 1
centos 4
redhat 9
redhatcve 4
cve 4
debiancve 4
ubuntucve 4
prion 4
veracode 4
zdt 1
suse 3
slackware 1
alpinelinux 3
f5 2
samba 3
checkpoint_advisories 2
cbl_mariner 2
oraclelinux 3
amazon 2
gentoo 1
osv
osv
samba - security update
2019-04-09 00:00:00
samba - security update
2018-03-13 00:00:00
CVE-2017-9461
2017-06-06 21:29:00
nessus
nessus
Debian DLA-1754-1 : samba security update
2019-04-10 00:00:00
Fedora 27 : 2:samba / libldb (2018-c5c651ac44)
2018-03-15 00:00:00
Fedora 26 : 2:samba (2018-7d0acd608b)
2018-03-21 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1754-1)
2019-04-10 00:00:00
Samba 4.x Multiple Vulnerabilities (CVE-2018-1050, CVE-2018-1057)
2018-03-14 00:00:00
Mageia: Security Advisory (MGASA-2018-0201)
2022-01-28 00:00:00
cisa
cisa
Samba Releases Security Updates
2018-03-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.6.14-alt1.S1
2018-03-12 00:00:00
Security fix for the ALT Linux 8 package samba-DC version 4.6.14-alt1
2018-03-12 00:00:00
Security fix for the ALT Linux 8 package samba version 4.6.14-alt1
2018-03-12 00:00:00
thn
thn
Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities
2018-03-13 10:05:00
fedora
fedora
[SECURITY] Fedora 27 Update: samba-4.7.6-0.fc27
2018-03-14 19:40:44
[SECURITY] Fedora 27 Update: libldb-1.3.2-1.fc27
2018-03-14 19:40:43
[SECURITY] Fedora 26 Update: samba-4.6.14-0.fc26
2018-03-20 17:38:39
ubuntu
ubuntu
Samba vulnerabilities
2018-03-13 00:00:00
Samba vulnerability
2017-07-05 00:00:00
Samba vulnerability
2018-03-23 00:00:00
debian
debian
[SECURITY] [DSA 4135-1] samba security update
2018-03-13 09:49:45
[SECURITY] [DSA 4135-1] samba security update
2018-03-13 09:49:45
[SECURITY] [DSA 4427-1] samba security update
2019-04-08 08:26:34
mageia
mageia
Updated samba packages fix security vulnerabilities
2018-04-13 23:08:48
archlinux
archlinux
[ASA-201803-10] samba: multiple issues
2018-03-13 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i
2019-12-18 14:26:38
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2017-9461)
2018-08-01 19:27:17
Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-9461)
2018-06-18 00:35:46
threatpost
threatpost
Samba Patches Two Critical Vulnerabilities in Server Software
2018-03-13 12:56:17
freebsd
freebsd
samba -- multiple vulnerabilities
2018-01-03 00:00:00
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2017-08-24 01:41:27
ctdb, libsmbclient, libwbclient, samba security update
2019-08-30 04:18:41
samba4 security update
2018-06-21 11:56:05
redhat
redhat
(RHSA-2017:1950) Low: samba security, bug fix, and enhancement update
2017-08-01 05:56:25
(RHSA-2018:1860) Low: samba security and bug fix update
2018-06-19 02:11:16
(RHSA-2019:1967) Moderate: samba security, bug fix and enhancement update
2019-07-30 10:16:50
redhatcve
redhatcve
CVE-2017-9461
2017-06-07 09:37:18
CVE-2018-1057
2018-03-13 10:19:11
CVE-2019-3880
2020-01-12 03:42:10
cve
cve
CVE-2017-9461
2017-06-06 21:29:00
CVE-2018-1057
2018-03-13 16:29:00
CVE-2018-1050
2018-03-13 16:29:00
debiancve
debiancve
CVE-2017-9461
2017-06-06 21:29:00
CVE-2018-1057
2018-03-13 16:29:00
CVE-2018-1050
2018-03-13 16:29:00
ubuntucve
ubuntucve
CVE-2017-9461
2017-06-06 00:00:00
CVE-2018-1057
2018-03-13 00:00:00
CVE-2019-3880
2019-04-08 00:00:00
prion
prion
Denial of service
2017-06-06 21:29:00
Code injection
2018-03-13 16:29:00
Design/Logic Flaw
2018-03-13 16:29:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:18:48
Privilege Escalation
2020-05-10 23:21:23
Denial Of Service (DoS)
2019-01-15 09:23:30
zdt
zdt
Samba 4.x Password Change Vulnerability
2018-03-16 00:00:00
suse
suse
Security update for samba (moderate)
2018-06-16 15:14:49
Security update for samba (important)
2019-04-10 00:00:00
Security update for samba (moderate)
2019-04-29 00:00:00
slackware
slackware
[slackware-security] samba
2018-03-13 22:18:59
alpinelinux
alpinelinux
CVE-2018-1057
2018-03-13 16:29:00
CVE-2018-1050
2018-03-13 16:29:00
CVE-2019-3880
2019-04-09 16:29:00
f5
f5
K21595932 : Samba vulnerability CVE-2018-1057
2018-03-21 00:00:00
K01494912 : Samba vulnerability CVE-2018-1050
2020-12-17 00:00:00
samba
samba
Authenticated users can change other users' password
2018-03-13 00:00:00
Save registry file outside share as unprivileged user
2019-04-08 00:00:00
Denial of Service Attack on external print server.
2018-03-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Samba LDAP AD DC Privilege Escalation (CVE-2018-1057)
2019-02-20 00:00:00
Samba Printer Server spoolss Denial Of Service (CVE-2018-1050)
2018-06-03 00:00:00
cbl_mariner
cbl_mariner
CVE-2018-1057 affecting package samba 4.12.5-4
2024-05-04 09:06:34
CVE-2018-1050 affecting package samba 4.12.5-4
2024-05-04 09:06:34
oraclelinux
oraclelinux
samba4 security and bug fix update
2018-06-25 00:00:00
samba security, bug fix, and enhancement update
2019-08-13 00:00:00
samba security, bug fix, and enhancement update
2019-11-14 00:00:00
amazon
amazon
Medium: samba
2019-11-04 22:25:00
Medium: samba
2019-12-13 21:18:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2018-05-22 00:00:00

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

60.6%

JSON
Related for DEBIAN:DLA-1754-1:AE022
osv8nessus60openvas36cisa1altlinux6thn1fedora3ubuntu5debian5mageia1archlinux1ibm10threatpost1freebsd1centos4redhat9redhatcve4cve4debiancve4ubuntucve4prion4veracode4zdt1suse3slackware1alpinelinux3f52samba3checkpoint_advisories2cbl_mariner2oraclelinux3amazon2gentoo1