Severity High
Patch available YES
Number of vulnerabilities 20
CVE ID CVE-2018-10858
CVE-2018-10918
CVE-2018-10919
CVE-2018-1139
CVE-2018-11396
CVE-2018-1140
CVE-2018-11409
CVE-2018-14629
CVE-2018-16841
CVE-2018-16851
CVE-2018-16852
CVE-2018-16853
CVE-2018-16857
CVE-2018-16860
CVE-2019-10197
CVE-2019-14861
CVE-2019-14870
CVE-2019-14902
CVE-2019-14907
CVE-2019-19344
CWE ID CWE-122
CWE-476
CWE-284
CWE-327
CWE-20
CWE-200
CWE-835
CWE-415
CWE-264
CWE-287
CWE-823
CWE-358
CWE-399
CWE-416
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Gentoo Linux

Operating systems & Components /
Operating system
Vendor Gentoo

Security Advisory

1) Heap-based buffer overflow

Severity: High

CVSSv3:
7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-10858

CWE-ID:
CWE-122 – Heap-based Buffer Overflow

Exploit availability:
No

Description


The vulnerability allows a remote attacker to execute arbitrary code on the target system.


The vulnerability exists due to a boundary error in libsmbclientwhen processing a list of directory entries, received from the server. A remote attacker can trick the victim to connect to a malicious SMB server, send a long list of directory entries, trigger heap-based buffer overflow and crash the client or execute arbitrary code on the target system.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

Severity: Low

CVSSv3:
5 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-10918

CWE-ID:
CWE-476 – NULL Pointer Dereference

Exploit availability:
No

Description


The vulnerability allows a remote attacker to cause denial of service attack.


The vulnerability exists due to a NULL pointer deference error when processing directory attributes from the LDB database layer within the DsCrackNames() function in DRSUAPI RPC server. A remote authenticated attacker can send a specially crafted request to the vulnerable samba server, trigger NULL pointer dereference error and crash the affected server.


Successful exploitation of the vulnerability requires that the Samba is configured as an Active Directory Domain Controller.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

Severity: Low

CVSSv3:
5 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-10919

CWE-ID:
CWE-284 – Improper Access Control

Exploit availability:
No

Description


The vulnerability allows a remote attacker to gain access to sensitive information.


The vulnerability exists due to missing access control checks when displaying values of confidential attributes. A remote authenticated attacker can use LDAP search expression to  obtain both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL (0x80) searchFlags bit and where an explicit Access Control Entry has been specified on the ntSecurityDescriptor.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

Severity: Low

CVSSv3:
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-11396

CWE-ID:
CWE-20 – Improper Input Validation

Exploit availability:
No

Description


The vulnerability allows a remote attacker to cause DoS condition on the target system.


The vulnerability exists in ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) due to insufficient validation of user-supplied input. A remote attacker can supply JavaScript code, trigger access to a NULL URL, as demonstrated by a crafted window.open call and cause the service to crash.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

Severity: Low

CVSSv3:
5.7 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-1140

CWE-ID:
CWE-476 – NULL Pointer Dereference

Exploit availability:
No

Description


The vulnerability allows a remote attacker to cause denial of service attack.


The vulnerability exists due to improper input validation when processing data from the LDB database layer. A remote attacker can trigger NULL pointer dereference error and cause the LDAP server and DNS server to crash.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

Severity: Low

CVSSv3:
4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID:
CVE-2018-11409

CWE-ID:
CWE-200 – Information Exposure

Exploit availability:
No

Description


The vulnerability allows a remote attacker to obtain potentially sensitive information.


The vulnerability exists due to unspecified flaw. A remote attacker can append __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key and gain access to arbitrary data.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Infinite loop

Severity: Low

CVSSv3:
5.4 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-14629

CWE-ID:
CWE-835 – Loop with Unreachable Exit Condition (‘Infinite Loop’)

Exploit availability:
No

Description


The vulnerability allows a local unauthenticated attacker to cause DoS condition.


The vulnerability exists due to infinite query recursion caused by CNAME loops. A local attacker can add any dns record via ldap using the ldbadd tool, trigger infinite loop and cause the server to crash.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Double-free error

Severity: Low

CVSSv3:
5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-16841

CWE-ID:
CWE-415 – Double Free

Exploit availability:
No

Description


The vulnerability allows a remote authenticated attacker to cause DoS condition.


The vulnerability exists due to Samba’s KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ when configured to accept smart-card authentication. A remote attacker can trigger double-free with talloc_free() and directly calls abort() and cause the KDC process to crash.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

Severity: Low

CVSSv3:
5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-16851

CWE-ID:
CWE-476 – NULL Pointer Dereference

Exploit availability:
No

Description


The vulnerability allows a remote authenticated attacker to cause DoS condition.


The vulnerability exists due to the entries are cached in a single memory object with a maximum size of 256MB during the processing of an LDAP search before Samba’s AD DC returns the LDAP entries to the client. A remote attacker can trigger NULL pointer dereference in the LDAP service when this size is reached and cause the process to crash.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

Severity: Low

CVSSv3:
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-16852

CWE-ID:
CWE-476 – NULL Pointer Dereference

Exploit availability:
No

Description


The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.


The vulnerability exists due to an error in the internal DNS server or the Samba DLZ plugin for BIND9 during the processing of an DNS zone in the DNS management DCE/RPC server if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set. A remote attacker can NULL pointer dereference and cause the service to crash.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Denial of service

Severity: Low

CVSSv3:
5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-16853

CWE-ID:
CWE-264 – Permissions, Privileges, and Access Controls

Exploit availability:
No

Description


The vulnerability allows a remote authenticated attacker to cause DoS condition.


The vulnerability exists due to use of experimental MIT Kerberos build of the Samba AD DC. A remote attacker can crash the KDC when Samba is built in the non-default MIT Kerberos configuration.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security restrictions bypass

Severity: Low

CVSSv3:
5.2 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-16857

CWE-ID:
CWE-264 – Permissions, Privileges, and Access Controls

Exploit availability:
No

Description


The vulnerability allows a remote attacker to bypass security restrictions.


The vulnerability exists due to AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. A remote attacker can bypass security restrictions and modify arbitrary data.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper Authentication

Severity: Medium

CVSSv3:
6.5 [CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-16860

CWE-ID:
CWE-287 – Improper Authentication

Exploit availability:
No

Description


The vulnerability allows a remote authenticated user to compromise vulnerable domain.


The vulnerability exists due to an error within the process of obtaining kerberos ticket for a service from the Kerberos Key Distribution Center (KDC) that involves S4U2Self and S4U2Proxy extensions. A remote authenticated user can impersonate another service on the network and obtain elevated privileges within the domain.


Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable Active Directory implementation.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3:
5.3 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2019-10197

CWE-ID:
CWE-264 – Permissions, Privileges, and Access Controls

Exploit availability:
No

Description


The vulnerability allows a remote attacker to escalate privileges on the system.


The vulnerability exists due to an error related to caching of responses when the ‘wide links’ option is explicitly set to ‘yes’ and either ‘unix extensions = no’ or ‘allow insecure wide links = yes’ is set in addition. A remote attacker can that does not have access to a share can send a series of request to an SMB share and gain access to the global root directory on the system.


Successful exploitation of the vulnerability may allow an attacker to read or modify arbitrary files on the system. Note, that unix permissions enforced by kernel will still apply.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use of out-of-range pointer offset

Severity: Low

CVSSv3:
3.1 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID:
CVE-2019-14861

CWE-ID:
CWE-823 – Use of Out-of-range Pointer Offset

Exploit availability:
No

Description


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.


The vulnerability exists due to an error when processing DNS records in ldb_qsort() and dns_name_compare() function within the dnsserver RPC pipe. A remote authenticated user can register a zone with an existing name but in different register and force Samba to read memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() calls. This will trigger Samba to follow invalid memory as a pointer and lead to DoS of the DNS management server.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improperly implemented security feature

Severity: Low

CVSSv3:
3.2 [CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID:
CVE-2019-14870

CWE-ID:
CWE-358 – Improperly Implemented Security Check for Standard

Exploit availability:
No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of the DelegationNotAllowed Kerberos feature restriction (“delegation_not_allowed” user attribute) that is not applied when processing protocol transmission requests (S4U2Self) in the AD DC KDC. A remote authenticated user can gain access to sensitive information and functionality within the AD domain.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource management error

Severity: Medium

CVSSv3:
4 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID:
CVE-2019-14902

CWE-ID:
CWE-399 – Resource Management Errors

Exploit availability:
No

Description


The vulnerability allows a remote attacker to bypass implemented security checks.


The vulnerability exists due to absent full-sync replication that did not allow ACL changes to be replicated to all domain controllers. A remote attacker can gain access to sensitive resources.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

Severity: Medium

CVSSv3:
5 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2019-14907

CWE-ID:
CWE-20 – Improper Input Validation

Exploit availability:
No

Description


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect processing of certain
user-controlled string, if logging is enabled at level 3 or above. A
remote attacker can send specially crafted data to the Samba DC and
terminate Samba RPC server.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

Severity: Low

CVSSv3:
3.5 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID:
CVE-2019-19344

CWE-ID:
CWE-416 – Use After Free

Exploit availability:
No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error during DNS zone scavenging. A remote attacker can under rare conditions to query DNS and obtain parts of memory that was written into database during zone scavenging process.

Mitigation

Update the affected packages.
net-fs/samba to version: 4.11.6

Vulnerable software versions

Gentoo Linux:

CPE
External links

https://security.gentoo.org/https://security.gentoo.org/glsa/202003-52

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.





Source link

Write a comment:
*

Your email address will not be published.