VID |
23280 |
Severity |
30 |
Port |
139 |
Protocol |
TCP |
Class |
Samba |
Detailed Description |
The version of Samba running on the remote host is 4.6.x prior to 4.6.14. It is, therefore, affected by a remote DoS and a remote password manipulation vulnerability.
- Missing null pointer checks may crash the external print server process. (CVE-2018-1050)
- Any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts. (CVE-2018-1057)
* References: https://www.samba.org/samba/security/CVE-2018-1050.html https://www.samba.org/samba/security/CVE-2018-1057.html https://www.samba.org/samba/history/samba-4.5.16.html https://www.samba.org/samba/history/samba-4.6.14.html https://www.samba.org/samba/history/samba-4.7.6.html
* Platforms Affected: Samba Project, Samba versions 4.6.x before 4.6.14 Linux Any version Unix Any version |
Recommendation |
Upgrade to the latest version of Samba 4.6.14 or later, available from the Samba Web site at https://www.samba.org/samba/download/ |
Related URL |
CVE-2018-1050,CVE-2018-1057 (CVE) |
Related URL |
103382,103387 (SecurityFocus) |
Related URL |
(ISS) |
|