CVE-2018-10858

Опубликовано: 16 авг. 2018

Источник: redhat

CVSS3: 4.3

EPSS Низкий

Описание

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	samba	Not affected
Red Hat Enterprise Linux 5	samba3x	Not affected
Red Hat Enterprise Linux 6	samba	Not affected
Red Hat Enterprise Linux 8	samba	Not affected
Red Hat Enterprise Linux 7	samba	Fixed	RHSA-2018:3056	30.10.2018
Red Hat Gluster Storage 3.4 for RHEL 6	libtalloc	Fixed	RHSA-2018:2612	04.09.2018
Red Hat Gluster Storage 3.4 for RHEL 6	libtdb	Fixed	RHSA-2018:2612	04.09.2018
Red Hat Gluster Storage 3.4 for RHEL 6	libtevent	Fixed	RHSA-2018:2612	04.09.2018
Red Hat Gluster Storage 3.4 for RHEL 6	samba	Fixed	RHSA-2018:2612	04.09.2018
Red Hat Gluster Storage 3.4 for RHEL 7	libtalloc	Fixed	RHSA-2018:2613	04.09.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1612805samba: Insufficient input validation in libsmbclient

EPSS

Процентиль: 91%

0.07048

Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2018-10858

CVSS3: 4.3

ubuntu

почти 7 лет назад

CVE-2018-10858

CVSS3: 4.3

nvd

почти 7 лет назад

CVE-2018-10858

CVSS3: 4.3

debian

почти 7 лет назад

A heap-buffer overflow was found in the way samba clients processed ex ...

openSUSE-SU-2018:2396-1

suse-cvrf

почти 7 лет назад

Security update for samba

SUSE-SU-2018:2329-1

suse-cvrf

почти 7 лет назад

Security update for samba

EPSS

Процентиль: 91%

0.07048

Низкий

4.3 Medium

CVSS3