CVE-2018-1050

Published: 13 Mar 2018
Source: redhat
CVSS3: 4.3
EPSS: Medium

Description

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash.

Mitigation

Ensure the parameter rpc_server:spoolss = external is not set in the [global] section of your smb.conf.
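One way to audit a configuration for this condition, as an added example that is not part of the original advisory or of Samba: the function names and both sample configurations are constructed here. It assumes a simplified reading of smb.conf syntax (case-insensitive names, `#`/`;` comments, backslash continuation) and does not follow include lines.

```python
import re

def spoolss_mode(conf_text):
    """Effective [global] value of rpc_server:spoolss, or None if unset."""
    section, value, pending = None, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, val = line.split("=", 1)     # only the first '=' separates name and value
        name = re.sub(r"\s*:\s*", ":", name.strip().lower())
        if name == "rpc_server:spoolss":
            value = val.strip().lower()    # a later line overrides an earlier one
    return value

def is_exposed(conf_text):
    """True when the configuration matches the vulnerable condition on this page."""
    return spoolss_mode(conf_text) == "external"

# Constructed sample configurations (not taken from any real host).
WEAK = """[global]
   workgroup = EXAMPLE
   RPC_Server:spoolss = External
[printers]
   path = /var/spool/samba
"""
FIXED = WEAK.replace("   RPC_Server", ";  RPC_Server")   # setting commented out

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("fixed", FIXED)):
        print(label, "->", "EXPOSED" if is_exposed(conf) else "ok", spoolss_mode(conf))
```

On a host with Samba installed, the output of testparm -s remains the authoritative view of the effective configuration.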

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | samba | Not affected | | |
| Red Hat Enterprise Linux 5 | samba3x | Not affected | | |
| Red Hat Enterprise Linux 8 | samba | Not affected | | |
| Red Hat Enterprise Linux 6 | samba | Fixed | RHSA-2018:1860 | 19.06.2018 |
| Red Hat Enterprise Linux 6 | samba4 | Fixed | RHSA-2018:1883 | 19.06.2018 |
| Red Hat Enterprise Linux 7 | samba | Fixed | RHSA-2018:3056 | 30.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | libtalloc | Fixed | RHSA-2018:2612 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | libtdb | Fixed | RHSA-2018:2612 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | libtevent | Fixed | RHSA-2018:2612 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | samba | Fixed | RHSA-2018:2612 | 04.09.2018 |

Additional information

Status: Low
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1538771 samba: NULL pointer dereference in printer server process

EPSS: 0.2411 (Medium), percentile: 96%

CVSS3: 4.3 Medium

Related vulnerabilities

ubuntu (CVSS3: 4.3, more than 7 years ago)

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

nvd (CVSS3: 4.3, more than 7 years ago)

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

msrc (CVSS3: 4.3, more than 3 years ago)

No description available

debian (CVSS3: 4.3, more than 7 years ago)

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of ...

suse-cvrf (more than 7 years ago)

Security update for samba, talloc, tevent
