Test ID:	1.3.6.1.4.1.25623.1.0.704135
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-4135-1)
Summary:	The remote host is missing an update for the Debian 'samba' package(s) announced via the DSA-4135-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'samba' package(s) announced via the DSA-4135-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. [link moved to references] CVE-2018-1057 Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the LDAP server incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users passwords, including administrative users. [link moved to references] [link moved to references] For the oldstable distribution (jessie), CVE-2018-1050 will be addressed in a later update. Unfortunately the changes required to fix CVE-2018-1057 for Debian oldstable are too invasive to be backported. Users using Samba as an AD-compatible domain controller are encouraged to apply the workaround described in the Samba wiki and upgrade to Debian stretch. For the stable distribution (stretch), these problems have been fixed in version 2:4.5.12+dfsg-2+deb9u2. We recommend that you upgrade your samba packages. For the detailed security status of samba please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'samba' package(s) on Debian 9. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-1050 BugTraq ID: 103387 http://www.securityfocus.com/bid/103387 https://bugzilla.redhat.com/show_bug.cgi?id=1538771 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180313-0001/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us https://www.samba.org/samba/security/CVE-2018-1050.html Debian Security Information: DSA-4135 (Google Search) https://www.debian.org/security/2018/dsa-4135 https://security.gentoo.org/glsa/201805-07 https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html RedHat Security Advisories: RHSA-2018:1860 https://access.redhat.com/errata/RHSA-2018:1860 RedHat Security Advisories: RHSA-2018:1883 https://access.redhat.com/errata/RHSA-2018:1883 RedHat Security Advisories: RHSA-2018:2612 https://access.redhat.com/errata/RHSA-2018:2612 RedHat Security Advisories: RHSA-2018:2613 https://access.redhat.com/errata/RHSA-2018:2613 RedHat Security Advisories: RHSA-2018:3056 https://access.redhat.com/errata/RHSA-2018:3056 http://www.securitytracker.com/id/1040493 https://usn.ubuntu.com/3595-1/ https://usn.ubuntu.com/3595-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-1057 103382 http://www.securityfocus.com/bid/103382 1040494 http://www.securitytracker.com/id/1040494 DSA-4135 GLSA-201805-07 USN-3595-1 [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update https://bugzilla.redhat.com/show_bug.cgi?id=1553553 https://www.samba.org/samba/security/CVE-2018-1057.html https://www.synology.com/support/security/Synology_SA_18_08
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.