SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Samba
Vendors:   Samba.org
Samba 'libsmbclient' Directory Listing Validation Flaw Lets Remote Authenticated Users Cause the Target User's SMB Service to Crash
SecurityTracker Alert ID:  1042002
SecurityTracker URL:  http://securitytracker.com/id/1042002
CVE Reference:   CVE-2018-10858
Date:  Oct 30 2018
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.2.0 - 4.8.3
Description:   A vulnerability was reported in Samba. A remote authenticated user can cause the target service to crash.

A remote authenticated SMB server can return a specially crafted value to overwrite client heap memory.

Svyatoslav Phirsov reported this vulnerability.

Impact:   A remote authenticated user can cause the target user's SMB client to crash.
Solution:   The vendor has issued a fix (4.6.16, 4.7.9, 4.8.4).

The vendor advisory is available at:

https://www.samba.org/samba/security/CVE-2018-10858.html

Vendor URL:  www.samba.org/samba/security/CVE-2018-10858.html
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 5 2018 (Red Hat Issues Fix for Red Hat Enterprise Virtualization) Samba 'libsmbclient' Directory Listing Validation Flaw Lets Remote Authenticated Users Cause the Target User's SMB Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Virtualization for Red Hat Enterprise Linux 7.
Nov 12 2018 (Oracle Issues Fix for Oracle Linux) Samba 'libsmbclient' Directory Listing Validation Flaw Lets Remote Authenticated Users Cause the Target User's SMB Service to Crash
Oracle has issued a fix for Oracle Linux 7.
Nov 13 2018 (Red Hat Issues Fix) Samba 'libsmbclient' Directory Listing Validation Flaw Lets Remote Authenticated Users Cause the Target User's SMB Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 7.




Copyright 2019, SecurityGlobal.net LLC