- Vulnerability/
- USN-3738-1
USN-3738-1: Samba vulnerabilities
First published: Tue Aug 14 2018(Updated: )
Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-10858) Volker Mauel discovered that Samba incorrectly handled database output. When used as an Active Directory Domain Controller, a remote authenticated attacker could use this issue to cause Samba to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10918) Phillip Kuhrt discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information. (CVE-2018-10919) Vivek Das discovered that Samba incorrectly handled NTLMv1 being explicitly disabled on the server. A remote user could possibly be authenticated using NTLMv1, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-1139)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libsmbclient | <2:4.7.6+dfsg~ubuntu-0ubuntu2.2 | 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 |
| =18.04 | ||
| All of | ||
| ubuntu/samba | <2:4.7.6+dfsg~ubuntu-0ubuntu2.2 | 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 |
| =18.04 | ||
| All of | ||
| ubuntu/libsmbclient | <2:4.3.11+dfsg-0ubuntu0.16.04.15 | 2:4.3.11+dfsg-0ubuntu0.16.04.15 |
| =16.04 | ||
| All of | ||
| ubuntu/samba | <2:4.3.11+dfsg-0ubuntu0.16.04.15 | 2:4.3.11+dfsg-0ubuntu0.16.04.15 |
| =16.04 | ||
| All of | ||
| ubuntu/libsmbclient | <2:4.3.11+dfsg-0ubuntu0.14.04.16 | 2:4.3.11+dfsg-0ubuntu0.14.04.16 |
| =14.04 | ||
| All of | ||
| ubuntu/samba | <2:4.3.11+dfsg-0ubuntu0.14.04.16 | 2:4.3.11+dfsg-0ubuntu0.14.04.16 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2018-10858
- https://ubuntu.com/security/CVE-2018-10918
- https://ubuntu.com/security/CVE-2018-10919
- https://ubuntu.com/security/CVE-2018-1139
- https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.2
- https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.15
- https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.14.04.16
- https://ubuntu.com/security/notices/USN-3738-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this security advisory?
The vulnerability ID for this security advisory is USN-3738-1.
What are the affected software versions and packages?
The affected software versions are Samba 2:4.3.11+dfsg-0ubuntu0.14.04.16, Samba 2:4.3.11+dfsg-0ubuntu0.16.04.15, Samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.2. The affected packages are libsmbclient and samba.
What are the potential impacts of this vulnerability?
The potential impacts of this vulnerability include denial of service and possible execution of arbitrary code.
How can I fix the vulnerability?
To fix the vulnerability, update the affected software packages to the recommended versions: libsmbclient 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 and samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.2.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Ubuntu Security Notices page: [link](https://ubuntu.com/security/CVE-2018-10858)
- agent/references
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/title
- agent/tags
- agent/description
- agent/event
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04