CVE Vulnerability

CVE-2018-1050

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

3.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.5 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.samba.org/samba/security/CVE-2018-1050.html Mitigation Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1538771 Issue Tracking Third Party Advisory
https://www.debian.org/security/2018/dsa-4135 Third Party Advisory
https://security.netapp.com/advisory/ntap-20180313-0001/ Third Party Advisory
http://www.securitytracker.com/id/1040493 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/103387 Third Party Advisory VDB Entry
https://usn.ubuntu.com/3595-1/ Third Party Advisory
https://usn.ubuntu.com/3595-2/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html Mailing List Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1883 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1860 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2613 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2612 Third Party Advisory
https://security.gentoo.org/glsa/201805-07 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3056 Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:lts:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Information

Published : 2018-03-13 04:29

Updated : 2022-09-01 04:35

NVD link : CVE-2018-1050

Mitre link : CVE-2018-1050

Products Affected
No products.
CWE
CWE-476