{"containers": {"cna": {"affected": [{"product": "Samba", "vendor": "Samba", "versions": [{"status": "affected", "version": "All versions of Samba from 4.0.0 onwards"}]}], "datePublic": "2018-03-13T00:00:00", "descriptions": [{"lang": "en", "value": "All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-04T18:00:58", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-3595-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3595-2/"}, {"name": "103387", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103387"}, {"name": "RHSA-2018:2613", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2613"}, {"name": "RHSA-2018:2612", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2612"}, {"name": "RHSA-2018:1883", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1883"}, {"name": "DSA-4135", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4135"}, {"name": "USN-3595-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3595-1/"}, {"name": "RHSA-2018:1860", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1860"}, {"name": "RHSA-2018:3056", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3056"}, {"name": "GLSA-201805-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201805-07"}, {"name": "1040493", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040493"}, {"name": "[debian-lts-announce] 20180327 [SECURITY] [DLA 1320-1] samba security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html"}, {"name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.samba.org/samba/security/CVE-2018-1050.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538771"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180313-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-03-13T00:00:00", "ID": "CVE-2018-1050", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Samba", "version": {"version_data": [{"version_value": "All versions of Samba from 4.0.0 onwards"}]}}]}, "vendor_name": "Samba"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-476"}]}]}, "references": {"reference_data": [{"name": "USN-3595-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3595-2/"}, {"name": "103387", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103387"}, {"name": "RHSA-2018:2613", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2613"}, {"name": "RHSA-2018:2612", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2612"}, {"name": "RHSA-2018:1883", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1883"}, {"name": "DSA-4135", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4135"}, {"name": "USN-3595-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3595-1/"}, {"name": "RHSA-2018:1860", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1860"}, {"name": "RHSA-2018:3056", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3056"}, {"name": "GLSA-201805-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201805-07"}, {"name": "1040493", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040493"}, {"name": "[debian-lts-announce] 20180327 [SECURITY] [DLA 1320-1] samba security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html"}, {"name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"}, {"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"}, {"name": "https://www.samba.org/samba/security/CVE-2018-1050.html", "refsource": "CONFIRM", "url": "https://www.samba.org/samba/security/CVE-2018-1050.html"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1538771", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538771"}, {"name": "https://security.netapp.com/advisory/ntap-20180313-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180313-0001/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:44:12.058Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3595-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3595-2/"}, {"name": "103387", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103387"}, {"name": "RHSA-2018:2613", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2613"}, {"name": "RHSA-2018:2612", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2612"}, {"name": "RHSA-2018:1883", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1883"}, {"name": "DSA-4135", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4135"}, {"name": "USN-3595-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3595-1/"}, {"name": "RHSA-2018:1860", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1860"}, {"name": "RHSA-2018:3056", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3056"}, {"name": "GLSA-201805-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201805-07"}, {"name": "1040493", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040493"}, {"name": "[debian-lts-announce] 20180327 [SECURITY] [DLA 1320-1] samba security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html"}, {"name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.samba.org/samba/security/CVE-2018-1050.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538771"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20180313-0001/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1050", "datePublished": "2018-03-13T16:00:00Z", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-09-16T23:16:06.670Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:lts:*:*:*", "matchCriteriaId": "A0B1E5F7-5866-424F-B6E6-C7D1DC747DBA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "C76405E1-2260-48F9-B140-4143A6767709", "versionEndExcluding": "4.5.16", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "908F420E-C970-44FA-8FAB-F05C73E276EB", "versionEndExcluding": "4.6.14", "versionStartIncluding": "4.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "5516C6B6-6886-42BB-9109-3684575091D4", "versionEndExcluding": "4.7.6", "versionStartIncluding": "4.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash."}, {"lang": "es", "value": "Todas las versiones de Samba, desde la 4.0.0 en adelante, son vulnerables a un ataque de denegaci\u00f3n de servicio (DoS) cuando el servicio RPC spoolss se configura para ejecutarse como demonio externo. La falta de comprobaciones de saneamiento de entradas en algunos de los par\u00e1metros de entrada en las llamadas RPC spoolss podr\u00edan provocar que el servicio print spooler se cierre inesperadamente."}], "id": "CVE-2018-1050", "lastModified": "2024-11-21T03:59:04.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-13T16:29:00.210", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103387"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040493"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1860"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1883"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2612"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2613"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3056"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538771"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201805-07"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180313-0001/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3595-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3595-2/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4135"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2018-1050.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040493"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1860"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2613"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538771"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201805-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180313-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3595-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3595-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4135"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2018-1050.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2018:1860", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba-0:3.6.23-51.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2018-06-19T00:00:00Z"}, {"advisory": "RHSA-2018:1883", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba4-0:4.2.10-15.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2018-06-19T00:00:00Z"}, {"advisory": "RHSA-2018:3056", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.8.3-4.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-10-30T00:00:00Z"}, {"advisory": "RHSA-2018:2612", "cpe": "cpe:/a:redhat:storage:3.4:samba:el6", "package": "libtalloc-0:2.1.11-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 6", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2612", "cpe": "cpe:/a:redhat:storage:3.4:samba:el6", "package": "libtdb-0:1.3.15-4.el6rhs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 6", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2612", "cpe": "cpe:/a:redhat:storage:3.4:samba:el6", "package": "libtevent-0:0.9.35-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 6", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2612", "cpe": "cpe:/a:redhat:storage:3.4:samba:el6", "package": "samba-0:4.7.5-110.el6rhs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 6", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2613", "cpe": "cpe:/a:redhat:storage:3.4:samba:el7", "package": "libtalloc-0:2.1.11-1.el7rhgs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2613", "cpe": "cpe:/a:redhat:storage:3.4:samba:el7", "package": "libtdb-0:1.3.15-4.el7rhgs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2613", "cpe": "cpe:/a:redhat:storage:3.4:samba:el7", "package": "libtevent-0:0.9.35-1.el7rhgs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2613", "cpe": "cpe:/a:redhat:storage:3.4:samba:el7", "package": "samba-0:4.7.5-110.el7rhgs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", "release_date": "2018-09-04T00:00:00Z"}], "bugzilla": {"description": "samba: NULL pointer dereference in printer server process", "id": "1538771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538771"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-476", "details": ["All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.", "A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash."], "mitigation": {"lang": "en:us", "value": "Ensure the paramter:\nrpc_server:spoolss = external\nis not set in the [global] section of your smb.conf."}, "name": "CVE-2018-1050", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba3x", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-03-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1050\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1050\nhttps://www.samba.org/samba/security/CVE-2018-1050.html"], "threat_severity": "Low", "upstream_fix": "samba 4.7.6, samba 4.6.14, samba 4.5.16"}