ALT Linux Team

Package samba update in p8 on 2018-05-03

ALT-PU-2018-1649-1

Package samba updated to version 4.6.15-alt1.M80P.1 for branch p8 in task 204403.

Closed vulnerabilities

Published: 2018-03-13

BDU:2018-00367

Уязвимость пакета программ сетевого взаимодействия Samba, связанная с отсутствием проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-03-13

BDU:2018-00368

Уязвимость сервера LDAP пакета программ сетевого взаимодействия Samba, позволяющая нарушителю изменять пароли других пользователей

Severity: HIGH (7.4) Vector: AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2018-03-13
Modified: 2024-11-21

CVE-2018-1050

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2018-03-13
Modified: 2024-11-21

CVE-2018-1057

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top