Описание
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash.
Меры по смягчению последствий
Ensure the paramter: rpc_server:spoolss = external is not set in the [global] section of your smb.conf.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | samba | Not affected | ||
| Red Hat Enterprise Linux 5 | samba3x | Not affected | ||
| Red Hat Enterprise Linux 8 | samba | Not affected | ||
| Red Hat Enterprise Linux 6 | samba | Fixed | RHSA-2018:1860 | 19.06.2018 |
| Red Hat Enterprise Linux 6 | samba4 | Fixed | RHSA-2018:1883 | 19.06.2018 |
| Red Hat Enterprise Linux 7 | samba | Fixed | RHSA-2018:3056 | 30.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | libtalloc | Fixed | RHSA-2018:2612 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | libtdb | Fixed | RHSA-2018:2612 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | libtevent | Fixed | RHSA-2018:2612 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | samba | Fixed | RHSA-2018:2612 | 04.09.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of ...
EPSS
4.3 Medium
CVSS3