Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 565
Alerts This Week
Warning Icon 1 565

Ubuntu: 3595-1 Critical: Samba Access And Denial Of Service Threats

ubuntu
Calendar Grey March 13, 2018
Scroller Ubuntu
Several vulnerabilities in Samba were addressed in different Ubuntu versions, improving overall system safety and stability.
Several security issues were fixed in Samba.

Summary

Several security issues were fixed in Samba.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

Björn Baumbach discovered that Samba incorrectly validated permissions when

changing account passwords via LDAP. An authenticated attacker could use this

issue to change the password of other users, including administrators, and

perform actions as those users. (CVE-2018-1057)

It was discovered that Samba incorrectly validated inputs to the RPC spoolss

service. An authenticated attacker could use this issue to cause the service to

crash, resulting in a denial of service. (CVE-2018-1050)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  samba                           2:4.6.7+dfsg-1ubuntu3.2
  samba-dsdb-modules              2:4.6.7+dfsg-1ubuntu3.2

Ubuntu 16.04 LTS:
  samba                           2:4.3.11+dfsg-0ubuntu0.16.04.13
  samba-dsdb-modules              2:4.3.11+dfsg-0ubuntu0.16.04.13

Ubuntu 14.04 LTS:
  samba                           2:4.3.11+dfsg-0ubuntu0.14.04.14
  samba-dsdb-modules              2:4.3.11+dfsg-0ubuntu0.14.04.14

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3595-1

CVE-2018-1050, CVE-2018-1057

Severity
critical
Lowest
Low
Medium
High
Critical

March 13, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.