Closed
Opened Aug 16, 2018 by Alicha CH (@alicha, Reporter)

[3.9] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)

CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.

Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in libsmbclient that could allow a malicious server
to overwrite client heap memory by returning an extra long filename in a directory listing.

Fixed In Version:

samba 4.6.16, samba 4.7.9, samba 4.8.4

References:

https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html

CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server

All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the “samba” process when Samba is an
Active Directory Domain Controller.

Fixed In Version:

samba 4.7.9, samba 4.8.4

References:

https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/history/security.html

CVE-2018-10919: Confidential attribute disclosure via substring search

All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL
(0x80) searchFlags bit and where an explicit Access Control Entry has
been specified on the ntSecurityDescriptor.

Fixed In Version:

samba 4.6.16, samba 4.7.9, samba 4.8.4

References:

https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html

CVE-2018-1139: Weak authentication protocol regression

Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which
allows authentication using NTLMv1 over an SMB1 transport (either
directly or via NETLOGON SamLogon calls from a member server), even
when NTLMv1 is explicitly disabled on the server.

Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2.
This has been the default since Samba 4.5. A code restructuring in the
NTLM authentication implementation of Samba in 4.7.0 caused this
regression to occur.

Fixed In Version:

samba 4.7.9, samba 4.8.4

References:

https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/history/security.html

CVE-2018-1140: Denial of Service Attack on DNS and LDAP server

All versions of Samba from 4.8.0 onwards are vulnerable to a denial of
service attack when Samba is an Active Directory Domain Controller.

Fixed In Version:

samba 4.8.4

References:

https://bugzilla.redhat.com/show_bug.cgi?id=%20CVE-2018-1140
https://www.samba.org/samba/history/security.html

(from redmine: issue id 9249, created on 2018-08-16, closed on 2018-08-23)

  • Relations:
    • copied_to #9248 (closed)
    • parent #9248 (closed)
  • Changesets:
    • Revision d773d4c9 by Andy Postnikov on 2018-08-20T14:33:06Z:
main/samba: security upgrade to 4.8.4

Fixes #9249

Milestone: 3.9.0 (Past due)
Labels: Normal, tag:security, type:bug
Reference: alpine/aports#9249