Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Debian: DSA-4135-1 Critical Samba Security Update for LDAP Issues

debian
Calendar Grey March 13, 2018
Scroller Debian
A Samba security patch resolves security flaws CVE-2018-1050 and CVE-2018-1057 in Debian systems. Users are advised to update.
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix

Summary

CVE-2018-1050

It was discovered that Samba is prone to a denial of service
attack when the RPC spoolss service is configured to be run as an
external daemon.



CVE-2018-1057

Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the
LDAP server incorrectly validates permissions to modify passwords
over LDAP allowing authenticated users to change any other users passwords, including administrative users.




For the oldstable distribution (jessie), CVE-2018-1050 will be addressed
in a later update. Unfortunately the changes required to fix
CVE-2018-1057 for Debian oldstable are too invasive to be backported.
Users using Samba as an AD-compatible domain controller are encouraged
to apply the workaround described in the Samba wiki and upgrade to
Debian stretch.

For the stable distribution (stretch), these problems have been fixed in
version 2:4.5.12+dfsg-2+deb9u2.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please r...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: samba
CVE ID: CVE-2018-1050 CVE-2018-1057

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.