VID 23280
Severity 30
Port 139
Protocol TCP
Class Samba
Detailed Description The version of Samba running on the remote host is 4.6.x prior to 4.6.14. It is, therefore, affected by a remote DoS vulnerability and a remote password manipulation vulnerability.

- Missing null pointer checks may crash the external print server process. (CVE-2018-1050)

- Any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts. (CVE-2018-1057)

* References:
https://www.samba.org/samba/security/CVE-2018-1050.html
https://www.samba.org/samba/security/CVE-2018-1057.html
https://www.samba.org/samba/history/samba-4.5.16.html
https://www.samba.org/samba/history/samba-4.6.14.html
https://www.samba.org/samba/history/samba-4.7.6.html

* Platforms Affected:
Samba Project, Samba versions 4.6.x before 4.6.14
Linux Any version
Unix Any version
Recommendation Upgrade to Samba 4.6.14 or later, available from the Samba Web site at https://www.samba.org/samba/download/
Related URL CVE-2018-1050, CVE-2018-1057 (CVE)
Related URL 103382, 103387 (SecurityFocus)