PT-2018-1054 · Samba+5

Jeremy Allison · Published 2018-03-13 · Updated 2024-06-15 · CVE-2018-1050

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Samba versions 4.0.0 and later

Description

The issue is a denial of service that arises when the RPC spoolss service is configured to run as an external daemon. Missing input sanitization checks on some input parameters to spoolss RPC calls could cause the print spooler service to crash, allowing a remote attacker to disrupt the service.

Recommendations

For Samba versions 4.0.0 and later, consider disabling the RPC spoolss service or restricting its use as an external daemon until a fix is available. As a temporary workaround, restrict access to the spoolss RPC calls to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1411
ALT-PU-2018-1412
ALT-PU-2018-1497
ALT-PU-2018-1498
ALT-PU-2018-2488
ALT-PU-2018-2489
AZL-7345
BDU:2018-00367
CESA-2018_1860
CESA-2018_1883
CESA-2018_3056
CVE-2018-1050
DLA-1320-1
DLA-1754-1
DSA-4135-1
ECHO-107F-D080-18F1
MGASA-2018-0201
OPENSUSE-SU-2024:11365-1
RHSA-2018:1860
RHSA-2018:1883
RHSA-2018:2612
RHSA-2018:2613
RHSA-2018:3056
RHSA-2018_1860
RHSA-2018_1883
RHSA-2018_3056
SUSE-SU-2018:0754-1
SUSE-SU-2018:0774-1
SUSE-SU-2018:0832-1
SUSE-SU-2018:2321-1
SUSE-SU-2018:2339-1
SUSE-SU-2018:2339-2
SUSE-SU-2018_0754-1
SUSE-SU-2018_0832-1
SUSE-SU-2018_2339-1
SUSE-SU-2018_2339-2
USN-3595-1
USN-3595-2

Affected Products

ALT Linux
CentOS
Red Hat
Samba
SUSE
Ubuntu