6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.009 Low
EPSS
Percentile
82.5%
Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME loops, resulting in denial of service (CVE-2018-14629). Alex MacCuish discovered that a user with a valid certificate or smart card can crash the Samba AD DC’s KDC when configured to accept smart-card authentication (CVE-2018-16841). Garming Sam of the Samba Team and Catalyst discovered a NULL pointer dereference vulnerability in the Samba AD DC LDAP server allowing a user able to read more than 256MB of LDAP entries to crash the Samba AD DC’s LDAP server (CVE-2018-16851). Samba has been updated to version 4.7.12 of the 4.7.x stable branch, and the tdb, talloc, tevent, ldb, and cmocka packages have also been updated. The sssd package has also been rebuilt against the updated ldb.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | tdb | < 1.3.14-1 | tdb-1.3.14-1.mga6 |
Mageia | 6 | noarch | talloc | < 2.1.11-1.1 | talloc-2.1.11-1.1.mga6 |
Mageia | 6 | noarch | tevent | < 0.9.36-1.1 | tevent-0.9.36-1.1.mga6 |
Mageia | 6 | noarch | ldb | < 1.2.3-1 | ldb-1.2.3-1.mga6 |
Mageia | 6 | noarch | cmocka | < 1.1.3-1 | cmocka-1.1.3-1.mga6 |
Mageia | 6 | noarch | sssd | < 1.13.4-9.3 | sssd-1.13.4-9.3.mga6 |
Mageia | 6 | noarch | samba | < 4.7.12-1.1 | samba-4.7.12-1.1.mga6 |
bugs.mageia.org/show_bug.cgi?id=24061
www.debian.org/security/2018/dsa-4345
www.samba.org/samba/history/samba-4.7.0.html
www.samba.org/samba/history/samba-4.7.1.html
www.samba.org/samba/history/samba-4.7.10.html
www.samba.org/samba/history/samba-4.7.11.html
www.samba.org/samba/history/samba-4.7.12.html
www.samba.org/samba/history/samba-4.7.2.html
www.samba.org/samba/history/samba-4.7.3.html
www.samba.org/samba/history/samba-4.7.4.html
www.samba.org/samba/history/samba-4.7.5.html
www.samba.org/samba/history/samba-4.7.6.html
www.samba.org/samba/history/samba-4.7.7.html
www.samba.org/samba/history/samba-4.7.8.html
www.samba.org/samba/history/samba-4.7.9.html
www.samba.org/samba/security/CVE-2018-14629.html
www.samba.org/samba/security/CVE-2018-16841.html
www.samba.org/samba/security/CVE-2018-16851.html
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.009 Low
EPSS
Percentile
82.5%