VID |
23281 |
Severity |
30 |
Port |
139 |
Protocol |
TCP |
Class |
Samba |
Detailed Description |
The version of Samba running on the remote host is 4.7.x prior to 4.7.6. It is therefore affected by a remote denial-of-service (DoS) vulnerability and a remote password manipulation vulnerability:
- Missing null pointer checks may crash the external print server process. (CVE-2018-1050)
- Any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts. (CVE-2018-1057)
* References:
  https://www.samba.org/samba/security/CVE-2018-1050.html
  https://www.samba.org/samba/security/CVE-2018-1057.html
  https://www.samba.org/samba/history/samba-4.5.16.html
  https://www.samba.org/samba/history/samba-4.6.14.html
  https://www.samba.org/samba/history/samba-4.7.6.html
* Platforms Affected: Samba Project, Samba versions 4.7.x before 4.7.6; Linux, any version; Unix, any version |
Recommendation |
Upgrade to Samba 4.7.6 or later, available from the Samba Web site at https://www.samba.org/samba/download/ |
Related URL |
CVE-2018-1050,CVE-2018-1057 (CVE) |
Related URL |
103382,103387 (SecurityFocus) |