
Debian Jessie DLA-1754-1 Critical Samba Denial Of Service

Debian LTS
April 9, 2019
This Samba security update fixes several vulnerabilities in Debian Jessie (LTS); it is an important update for SMB/CIFS server reliability.
Various vulnerabilities were discovered in Samba, the SMB/CIFS file, print, and login server/client for Unix.

Summary

CVE-2017-9461

smbd in Samba had a denial of service vulnerability (fd_open_atomic
infinite loop with high CPU usage and memory consumption) due to
wrongly handling dangling symlinks.

CVE-2018-1050

Samba was vulnerable to a denial of service attack when the RPC
spoolss service was configured to be run as an external daemon.
Missing input sanitization checks on some of the input parameters to
spoolss RPC calls could have caused the print spooler service to
crash.

CVE-2018-1057

On a Samba 4 AD DC the LDAP server of Samba incorrectly validated
permissions to modify passwords over LDAP allowing authenticated
users to change any other users' passwords, including administrative
users and privileged service accounts (e.g. Domain Controllers).

Thanks to the Ubuntu security team for having backported the rather
invasive changeset to Samba in Ubuntu 14.04 (which we could use to
patch Samba in Debian jessie LTS).

CVE-2019-3880



Severity: Critical

Package: samba
Version: 2:4.2.14+dfsg-0+deb8u12
CVE ID: CVE-2017-9461 CVE-2018-1050 CVE-2018-1057 CVE-2019-3880
