PT-2018-2504 · Samba+3 · Samba+3

Florian Stã¼Lpner

Publicado

2018-09-03

Atualizado

2024-06-15

CVE-2018-14629

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.7.12 Samba versions prior to 4.8.7 Samba versions prior to 4.9.3

Description The issue is related to an error in handling requests containing CNAME loop records in the Samba package's network interaction software. This can be exploited by a remote attacker to cause infinite recursion on the server, resulting in a denial of service. An unprivileged local attacker could create such an entry, leading to denial of service.

Recommendations For versions prior to 4.7.12, update to version 4.7.12 or later. For versions prior to 4.8.7, update to version 4.8.7 or later. For versions prior to 4.9.3, update to version 4.9.3 or later.

Exploit

Correção

DoS

Infinite Loop

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835CWE-400

Identificadores relacionados

ALT-PU-2018-2743

ALT-PU-2018-2744

ALT-PU-2018-2950

ALT-PU-2018-2951

BDU:2019-00874

CVE-2018-14629

DLA-1607-1

DSA-4345-1

ECHO-F786-8320-5449

MGASA-2019-0011

OPENSUSE-SU-2024:11365-1

SUSE-SU-2018:4066-1

SUSE-SU-2018_4066-1

USN-3827-1

USN-3827-2

Produtos afetados

Alt Linux

Samba

Suse

Ubuntu

PT-2018-2504 · Samba+3 · Samba+3

CVE-2018-14629

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 124