CVE-2018-10858

2018-08-1400:00:00

ubuntu.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.2%

JSON

A heap-buffer overflow was found in the way samba clients processed extra
long filename in a directory listing. A malicious samba server could use
this flaw to cause arbitrary code execution on a samba client. Samba
versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Bugs

<https://bugzilla.samba.org/show_bug.cgi?id=13453>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsamba< 2:4.7.6+dfsg~ubuntu-0ubuntu2.2UNKNOWN
ubuntu14.04noarchsamba< 2:4.3.11+dfsg-0ubuntu0.14.04.16UNKNOWN
ubuntu16.04noarchsamba< 2:4.3.11+dfsg-0ubuntu0.16.04.15UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	samba	< 2:4.7.6+dfsg~ubuntu-0ubuntu2.2	UNKNOWN
ubuntu	14.04	noarch	samba	< 2:4.3.11+dfsg-0ubuntu0.14.04.16	UNKNOWN
ubuntu	16.04	noarch	samba	< 2:4.3.11+dfsg-0ubuntu0.16.04.15	UNKNOWN