CVE-2018-10858

Опубликовано: 22 авг. 2018

Источник: nvd

CVSS3: 4.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Ссылки

http://www.securityfocus.com/bid/105085
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042002
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2612
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2613
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3056
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3470
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858
Issue Tracking
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10284
https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20180814-0001/
Third Party Advisory
https://usn.ubuntu.com/3738-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4271
Third Party Advisory
https://www.samba.org/samba/security/CVE-2018-10858.html
Vendor Advisory
http://www.securityfocus.com/bid/105085
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042002
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2612
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2613
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3056
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3470
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Версия до 4.6.16 (исключая)

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Версия от 4.7.0 (включая) до 4.7.9 (исключая)

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Версия от 4.8.0 (включая) до 4.8.4 (исключая)

Конфигурация 4

Одно из

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.07048

Низкий

4.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

CWE-119

Связанные уязвимости

CVE-2018-10858

CVSS3: 4.3

ubuntu

почти 7 лет назад

CVE-2018-10858

CVSS3: 4.3

redhat

почти 7 лет назад

CVE-2018-10858

CVSS3: 4.3

debian

почти 7 лет назад

A heap-buffer overflow was found in the way samba clients processed ex ...

openSUSE-SU-2018:2396-1

suse-cvrf

почти 7 лет назад

Security update for samba

SUSE-SU-2018:2329-1

suse-cvrf

почти 7 лет назад

Security update for samba

EPSS

Процентиль: 91%

0.07048

Низкий

4.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

CWE-119