English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 150599 CVE descriptions
and 73533 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.891754
Category:Debian Local Security Checks
Title:Debian LTS Advisory ([SECURITY] [DLA 1754-1] samba security update)
Summary:The remote host is missing an update for the 'samba'; package(s) announced via the DSA-1754-1 advisory.
Description:Summary:
The remote host is missing an update for the 'samba'
package(s) announced via the DSA-1754-1 advisory.

Vulnerability Insight:
Various vulnerabilities were discovered in Samba, SMB/CIFS file, print,
and login server/client for Unix

CVE-2017-9461

smbd in Samba had a denial of service vulnerability (fd_open_atomic
infinite loop with high CPU usage and memory consumption) due to
wrongly handling dangling symlinks.

CVE-2018-1050

Samba was vulnerable to a denial of service attack when the RPC
spoolss service was configured to be run as an external daemon.
Missing input sanitization checks on some of the input parameters to
spoolss RPC calls could have caused the print spooler service to
crash.

CVE-2018-1057

On a Samba 4 AD DC the LDAP server of Samba incorrectly validated
permissions to modify passwords over LDAP allowing authenticated
users to change any other users' passwords, including administrative
users and privileged service accounts (eg Domain Controllers).

Thanks to the Ubuntu security team for having backported the rather
invasive changeset to Samba in Ubuntu 14.04 (which we could use to
patch Samba in Debian jessie LTS).

CVE-2019-3880

A flaw was found in the way Samba implemented an RPC endpoint
emulating the Windows registry service API. An unprivileged attacker
could have used this flaw to create a new registry hive file anywhere
they had unix permissions which could have lead to creation of a new
file in the Samba share.

Affected Software/OS:
'samba' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
2:4.2.14+dfsg-0+deb8u12.

We recommend that you upgrade your samba packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-9461
BugTraq ID: 99455
http://www.securityfocus.com/bid/99455
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
RedHat Security Advisories: RHSA-2017:1950
https://access.redhat.com/errata/RHSA-2017:1950
RedHat Security Advisories: RHSA-2017:2338
https://access.redhat.com/errata/RHSA-2017:2338
RedHat Security Advisories: RHSA-2017:2778
https://access.redhat.com/errata/RHSA-2017:2778
Common Vulnerability Exposure (CVE) ID: CVE-2018-1050
BugTraq ID: 103387
http://www.securityfocus.com/bid/103387
Debian Security Information: DSA-4135 (Google Search)
https://www.debian.org/security/2018/dsa-4135
https://security.gentoo.org/glsa/201805-07
https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html
RedHat Security Advisories: RHSA-2018:1860
https://access.redhat.com/errata/RHSA-2018:1860
RedHat Security Advisories: RHSA-2018:1883
https://access.redhat.com/errata/RHSA-2018:1883
RedHat Security Advisories: RHSA-2018:2612
https://access.redhat.com/errata/RHSA-2018:2612
RedHat Security Advisories: RHSA-2018:2613
https://access.redhat.com/errata/RHSA-2018:2613
RedHat Security Advisories: RHSA-2018:3056
https://access.redhat.com/errata/RHSA-2018:3056
http://www.securitytracker.com/id/1040493
https://usn.ubuntu.com/3595-1/
https://usn.ubuntu.com/3595-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-1057
BugTraq ID: 103382
http://www.securityfocus.com/bid/103382
http://www.securitytracker.com/id/1040494
Common Vulnerability Exposure (CVE) ID: CVE-2019-3880
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/
https://www.samba.org/samba/security/CVE-2019-3880.html
SuSE Security Announcement: openSUSE-SU-2019:1180 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html
SuSE Security Announcement: openSUSE-SU-2019:1292 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

This is only one of 73533 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.