[ASA-201803-10] samba: multiple issues
Jelle van der Waa
jelle at archlinux.org
Wed Mar 14 15:24:16 UTC 2018
Arch Linux Security Advisory ASA-201803-10
Date : 2018-03-13
CVE-ID : CVE-2018-1050 CVE-2018-1057
Package : samba
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-651
The package samba before version 4.7.6-1 is vulnerable to multiple
issues including access restriction bypass and denial of service.
Upgrade to 4.7.6-1.
# pacman -Syu "samba>=4.7.6-1"
The problems have been fixed upstream in version 4.7.6.
Workaround for CVE-2018-1050: ensure the parameter:
rpc_server:spoolss = external
is not set in the [global] section of your smb.conf. The default (spoolss
running embedded in smbd) is not affected.
Workaround for CVE-2018-1057: revoke the change-password right for 'the
world' (the Everyone principal, SID S-1-1-0) from all user objects
(including computers) in the directory, leaving only each user's right to
change their own password.
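The following script is an added example written for this page, not code from the advisory or from Samba. It checks a host for the two workaround conditions: whether smb.conf turns spoolss into an external daemon, and whether a user object's security descriptor still grants the change-password control access right to Everyone. It assumes the standard Active Directory GUID for the User-Change-Password right (ab721a53-1e2f-11d0-9819-00aa0040529b) and the SDDL syntax that `samba-tool dsacl get --objectdn=<DN>` prints; the smb.conf fragments and descriptors inside it are constructed sample inputs.

```shell
#!/bin/sh
# Added example (not part of the Arch advisory or of Samba): audit a host
# against the two workarounds. All sample inputs below are constructed.

# Control access right "User-Change-Password" (change with the old password).
# The workaround revokes the WD (World/Everyone, S-1-1-0) ACE for it and keeps
# the PS (Principal Self) ACE so users can still change their own password.
CHANGE_PW_GUID='ab721a53-1e2f-11d0-9819-00aa0040529b'

# Reads smb.conf text on stdin. Prints "external" if rpc_server:spoolss is set
# to external inside [global] (the CVE-2018-1050 precondition), else "ok".
# Comment lines (; or #) and settings in other sections are ignored.
spoolss_mode() {
    awk '
        /^[[:space:]]*[;#]/ { next }
        /^[[:space:]]*\[/ {
            sect = tolower($0); gsub(/[[:space:]]/, "", sect); next
        }
        sect == "[global]" && /^[[:space:]]*rpc_server:spoolss[[:space:]]*=/ {
            val = $0
            sub(/^[^=]*=[[:space:]]*/, "", val)
            sub(/[[:space:]]*$/, "", val)
            if (tolower(val) == "external") found = 1
        }
        END { print (found ? "external" : "ok") }
    '
}

# Splits an SDDL string (as printed by `samba-tool dsacl get`) into one ACE
# per line; the O:/G:/D: prefix is discarded.
split_aces() {
    printf '%s' "$1" | grep -o '([^)]*)' || true
}

# Prints how many ACEs grant the change-password right to WD (Everyone).
# 0 means the CVE-2018-1057 workaround has been applied to that object.
count_world_change_pw() {
    split_aces "$1" \
        | grep -ic "^(OA;[^;]*;[^;]*CR[^;]*;$CHANGE_PW_GUID;[^;]*;WD)$" || true
}

# Succeeds if the object still lets a user change their own password.
self_change_pw_kept() {
    split_aces "$1" \
        | grep -iq "^(OA;[^;]*;[^;]*CR[^;]*;$CHANGE_PW_GUID;[^;]*;PS)$"
}

# Constructed sample smb.conf fragments.
CONF_RISKY='[global]
   workgroup = EXAMPLE
   rpc_server:spoolss = external

[printers]
   path = /var/spool/samba'

CONF_OK='[global]
   workgroup = EXAMPLE
   ; rpc_server:spoolss = external

[printers]
   path = /var/spool/samba
   rpc_server:spoolss = external'

# Constructed descriptors: the default AD grant to WD and PS, and the same
# object after the WD ACE has been revoked.
SD_DEFAULT='O:DAG:DAD:AI(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)'
SD_FIXED='O:DAG:DAD:AI(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)'

printf 'spoolss, risky conf: %s\n' "$(printf '%s\n' "$CONF_RISKY" | spoolss_mode)"
printf 'spoolss, ok conf:    %s\n' "$(printf '%s\n' "$CONF_OK" | spoolss_mode)"
printf 'World change-pw ACEs, default SD: %s\n' "$(count_world_change_pw "$SD_DEFAULT")"
printf 'World change-pw ACEs, fixed SD:   %s\n' "$(count_world_change_pw "$SD_FIXED")"
```

On a real host, feed /etc/samba/smb.conf to spoolss_mode and the descriptor returned by `samba-tool dsacl get --objectdn=<user DN>` to count_world_change_pw; a count of zero with self_change_pw_kept still succeeding is the state the workaround aims for. Neither check replaces the upgrade to 4.7.6-1.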
- CVE-2018-1050 (denial of service)
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of
service attack when the RPC spoolss service is configured to be run as
an external daemon. Missing input sanitization checks on some of the
input parameters to spoolss RPC calls could cause the print spooler
service to crash.
- CVE-2018-1057 (access restriction bypass)
On a Samba 4 AD DC any authenticated user can change other users'
passwords over LDAP, including the passwords of administrative users
and service accounts.
A remote attacker with a valid account is able to change other users'
passwords on a Samba 4 AD DC. A remote attacker can also crash the print
spooler by sending a specially crafted request to a spoolss service that is
run as an external daemon.