ALT Linux Team

Package samba-DC update in c8.1 on 2019-08-08

ALT-PU-2019-2418-1

Package samba-DC updated to version 4.9.11-alt1 for branch c8.1 in task 235302.

Closed vulnerabilities

Published: 2019-05-14

BDU:2019-01870

Уязвимость реализации Heimdal протокола Kerberos пакета программ сетевого взаимодействия Samba, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-08-22

BDU:2020-00695

Уязвимость компонента обработки зоны DNS на сервере программ сетевого взаимодействия Samba, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.4) Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-08-22

BDU:2020-00697

Уязвимость конфигурации AD DC программ сетевого взаимодействия Samba, позволяющая нарушителю оказать воздействие на целостность информации

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
Published: 2019-06-19

BDU:2020-00724

Уязвимость программного обеспечения Samba, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-11-28
Modified: 2024-11-21

CVE-2018-16852

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.

Severity: MEDIUM (4.4) Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-11-28
Modified: 2024-11-21

CVE-2018-16857

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
Published: 2019-07-31
Modified: 2024-11-21

CVE-2018-16860

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-06-19
Modified: 2024-11-21

CVE-2019-12435

Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top