Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0011)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0011

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0011)

Resumen: The remote host is missing an update for the 'cmocka, ldb, samba, sssd, talloc, tdb, tevent' package(s) announced via the MGASA-2019-0011 advisory.

Descripción: Summary:
The remote host is missing an update for the 'cmocka, ldb, samba, sssd, talloc, tdb, tevent' package(s) announced via the MGASA-2019-0011 advisory.

Vulnerability Insight:
Florian Stuelpner discovered that Samba is vulnerable to infinite query
recursion caused by CNAME loops, resulting in denial of service
(CVE-2018-14629).

Alex MacCuish discovered that a user with a valid certificate or smart
card can crash the Samba AD DC's KDC when configured to accept
smart-card authentication (CVE-2018-16841).

Garming Sam of the Samba Team and Catalyst discovered a NULL pointer
dereference vulnerability in the Samba AD DC LDAP server allowing a user
able to read more than 256MB of LDAP entries to crash the Samba AD DC's
LDAP server (CVE-2018-16851).

Samba has been updated to version 4.7.12 of the 4.7.x stable branch, and
the tdb, talloc, tevent, ldb, and cmocka packages have also been updated.

The sssd package has also been rebuilt against the updated ldb.

Affected Software/OS:
'cmocka, ldb, samba, sssd, talloc, tdb, tevent' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-14629
BugTraq ID: 106022
http://www.securityfocus.com/bid/106022
Debian Security Information: DSA-4345 (Google Search)
https://www.debian.org/security/2018/dsa-4345
https://security.gentoo.org/glsa/202003-52
https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html
https://usn.ubuntu.com/3827-1/
https://usn.ubuntu.com/3827-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-16841
BugTraq ID: 106023
http://www.securityfocus.com/bid/106023
Common Vulnerability Exposure (CVE) ID: CVE-2018-16851
BugTraq ID: 106027
http://www.securityfocus.com/bid/106027

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0011
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0011)
Resumen:	The remote host is missing an update for the 'cmocka, ldb, samba, sssd, talloc, tdb, tevent' package(s) announced via the MGASA-2019-0011 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cmocka, ldb, samba, sssd, talloc, tdb, tevent' package(s) announced via the MGASA-2019-0011 advisory. Vulnerability Insight: Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME loops, resulting in denial of service (CVE-2018-14629). Alex MacCuish discovered that a user with a valid certificate or smart card can crash the Samba AD DC's KDC when configured to accept smart-card authentication (CVE-2018-16841). Garming Sam of the Samba Team and Catalyst discovered a NULL pointer dereference vulnerability in the Samba AD DC LDAP server allowing a user able to read more than 256MB of LDAP entries to crash the Samba AD DC's LDAP server (CVE-2018-16851). Samba has been updated to version 4.7.12 of the 4.7.x stable branch, and the tdb, talloc, tevent, ldb, and cmocka packages have also been updated. The sssd package has also been rebuilt against the updated ldb. Affected Software/OS: 'cmocka, ldb, samba, sssd, talloc, tdb, tevent' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-14629 BugTraq ID: 106022 http://www.securityfocus.com/bid/106022 Debian Security Information: DSA-4345 (Google Search) https://www.debian.org/security/2018/dsa-4345 https://security.gentoo.org/glsa/202003-52 https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html https://usn.ubuntu.com/3827-1/ https://usn.ubuntu.com/3827-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-16841 BugTraq ID: 106023 http://www.securityfocus.com/bid/106023 Common Vulnerability Exposure (CVE) ID: CVE-2018-16851 BugTraq ID: 106027 http://www.securityfocus.com/bid/106027
Copyright	Copyright (C) 2022 Greenbone AG