Samba Patches Two Critical Vulnerabilities in Server Software

General Technology | Threatpost (source link)

Two critical patches for the free networking software Samba were released Tuesday, addressing vulnerabilities that could allow an unprivileged remote attacker to launch a denial of service attack against servers running the software or allow an adversary to change user passwords, including the admin’s.

Samba, popular free open source software, allows Windows-based file and print services to be shared via operating systems such as Windows, Linux and UNIX.

The vulnerability CVE-2018-1050 enables hackers to launch denial of service attacks on external print servers, according to the Samba security release posted Tuesday.

According to Samba, CVE-2018-1050 has impacted all versions of Samba from 4.0.0 and above, and stems from missing null pointer checks that may crash the external print server process.

The impacted software versions are vulnerable when the Remote Procedure Call (RPC) Microsoft Spool Subsystem service (spoolss) is configured to run as an external daemon, a program that runs continuously to handle periodic service requests for systems.

RPC is a model for programming in a distributed computing environment, which provides transparent communication so that the client appears to be communicating directly with the server. Typically, spoolss uses RPC as its transport protocol.

But because of missing input sanitization checks on some input parameters for spoolss RPC calls, the background print spooler program, which handles the transfer of print files to a printer, could crash when the service is run as an external daemon, said Samba.

“There is no known vulnerability associated with this error, merely a denial of service. If the RPC spoolss service is left by default as an internal service, all a client can do is crash its own authenticated connection,” said Samba.

Samba has released a patch addressing this issue in versions 4.7.6, 4.6.14 and 4.5.16. The vulnerability was first discovered by Synopsys’ Defensics intelligent fuzz testing tool, according to Samba.

Meanwhile, the password vulnerability (CVE-2018-1057) exists on all versions of Samba from 4.0.0 and above. The vulnerability allows authenticated users to change other users’ passwords.

The flaw stems from incorrect permission validation, which allows users to change other users’ passwords, including the passwords of administrative users and privileged service accounts, over the Lightweight Directory Access Protocol (LDAP) server on a Samba 4 Active Directory domain controller.

LDAP is a directory service protocol that runs on a layer above the TCP/IP stack, providing a mechanism used to connect to, search and modify internet directories.

“The LDAP server incorrectly validates certain LDAP password modifications against the ‘Change Password’ privilege, but then performs a password reset operation,” according to Samba’s release. “The change password right in AD is an extended object access right with the GUID ab721a53-1e2f-11d0-9819-00aa0040529b.”

According to Samba, this vulnerability only impacts the Samba AD domain controller, not the read-only domain controller or the Samba3/NT4-like/classic domain controller.

Security researcher Björn Baumbach, with SerNet, is credited with discovering CVE-2018-1057.

Samba said that while organizations prepare the update for this vulnerability, they can monitor their directory by keeping watch on attributes pwdLastSet and msDS-KeyVersionNumber, which will change if a password has been reset.
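
One way to carry out that monitoring is to compare periodic LDIF exports of the directory and flag accounts whose pwdLastSet or msDS-KeyVersionNumber differs between two snapshots. The following is an added example, not code from Samba or from the original article; the function names and the sample entries are constructed, and it assumes each export requested those two attributes.

```python
import base64
from datetime import datetime, timedelta, timezone

WATCHED = ("pwdLastSet", "msDS-KeyVersionNumber")

def parse_ldif(text):
    """Map each DN to its watched attributes; handles folded lines and base64 DNs."""
    entries, dn = {}, None
    for line in text.replace("\n ", "").splitlines():  # unfold continuation lines
        if not line.strip():
            dn = None                                  # a blank line ends an entry
        elif line.startswith("dn:: "):                 # base64-encoded DN
            dn = base64.b64decode(line[5:]).decode("utf-8")
            entries[dn] = {}
        elif line.startswith("dn: "):
            dn = line[4:]
            entries[dn] = {}
        elif dn is not None:
            name, sep, value = line.partition(": ")
            if sep and name in WATCHED:
                entries[dn][name] = value
    return entries

def filetime_to_utc(value):
    """pwdLastSet is a count of 100 ns intervals since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(value) // 10)

def password_changes(before, after):
    """Return (dn, attr, old, new) for every watched attribute that differs."""
    old, new = parse_ldif(before), parse_ldif(after)
    return [(dn, attr, old[dn].get(attr), new[dn].get(attr))
            for dn in sorted(new) if dn in old
            for attr in WATCHED if old[dn].get(attr) != new[dn].get(attr)]

# Constructed sample snapshots (not real directory data).
BEFORE = """dn: CN=Administrator,CN=Users,DC=example,DC=test
pwdLastSet: 131650000000000000
msDS-KeyVersionNumber: 2

dn: CN=alice,CN=Users,DC=example,DC=test
pwdLastSet: 131640000000000000
msDS-KeyVersionNumber: 5
"""
AFTER = BEFORE.replace("pwdLastSet: 131650000000000000\nmsDS-KeyVersionNumber: 2",
                       "pwdLastSet: 131655000000000000\nmsDS-KeyVersionNumber: 3")

if __name__ == "__main__":
    for dn, attr, was, now in password_changes(BEFORE, AFTER):
        shown = filetime_to_utc(now) if attr == "pwdLastSet" else now
        print(f"{dn}: {attr} {was} -> {now} ({shown})")
```

Each reported change still has to be matched against an expected password change by the account owner or the help desk; only the unexplained ones warrant investigation.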

Samba has grappled with an array of vulnerabilities over the past 12 months, including two SMB-related man-in-the-middle bugs enabling attackers to hijack client connections in September, and a vulnerability in May that can be exploited with one line of code and could make way for a “wormable” exploit that spreads quickly.

