CVE-2018-1050

Sažetak

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

Reference

https://www.samba.org/samba/security/CVE-2018-1050.html
https://bugzilla.redhat.com/show_bug.cgi?id=1538771
https://www.debian.org/security/2018/dsa-4135
https://security.netapp.com/advisory/ntap-20180313-0001/
http://www.securitytracker.com/id/1040493
http://www.securityfocus.com/bid/103387
https://usn.ubuntu.com/3595-1/
https://usn.ubuntu.com/3595-2/
https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us
https://access.redhat.com/errata/RHSA-2018:1883
https://access.redhat.com/errata/RHSA-2018:1860
https://access.redhat.com/errata/RHSA-2018:2613
https://access.redhat.com/errata/RHSA-2018:2612
https://security.gentoo.org/glsa/201805-07
https://access.redhat.com/errata/RHSA-2018:3056
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:A/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

01-09-2022 - 16:35

Objavljeno

13-03-2018 - 16:29