PT-2018-3372 · Samba+2 · Samba+2

Andrej Gessel

Published

2018-08-14

Updated

2024-06-15

CVE-2018-1140

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Samba versions 4.8.0 and later

Description: The issue is related to a missing input sanitization flaw in the implementation of the LDP database used for the LDAP server, which can be exploited to cause a denial of service against a Samba server used as an Active Directory Domain Controller. This can allow an attacker to cause the server to crash, resulting in a denial of service. The vulnerability is also associated with a lack of null pointer check, enabling malicious actors to trigger a crash of the LDAP and DNS server.

Recommendations: For Samba versions 4.8.0 and later, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2018-2166

ALT-PU-2018-2167

ALT-PU-2018-2168

ALT-PU-2018-2488

ALT-PU-2018-2489

ALT-PU-2018-2600

BDU:2020-00694

CVE-2018-1140

ECHO-DE15-31C1-C2E8

OPENSUSE-SU-2018_2400-1

OPENSUSE-SU-2024:10911-1

OPENSUSE-SU-2024:11365-1

SUSE-SU-2018:2318-1

Affected Products

Alt Linux

Samba

Suse

PT-2018-3372 · Samba+2 · Samba+2

CVE-2018-1140

Weakness Enumeration

Related Identifiers

Affected Products

References · 91