CVE-2018-1050medium
Description
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
References
https://www.samba.org/samba/security/CVE-2018-1050.html
https://bugzilla.redhat.com/show_bug.cgi?id=1538771
https://www.debian.org/security/2018/dsa-4135
https://security.netapp.com/advisory/ntap-20180313-0001/
http://www.securitytracker.com/id/1040493
http://www.securityfocus.com/bid/103387
https://usn.ubuntu.com/3595-1/
https://usn.ubuntu.com/3595-2/
https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us
https://access.redhat.com/errata/RHSA-2018:1883
https://access.redhat.com/errata/RHSA-2018:1860
https://access.redhat.com/errata/RHSA-2018:2613
https://access.redhat.com/errata/RHSA-2018:2612
https://security.gentoo.org/glsa/201805-07
https://access.redhat.com/errata/RHSA-2018:3056
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
Details
Source: MITRE
Published: 2018-03-13
Updated: 2022-09-01
Type: CWE-476
Risk Information
CVSS v2
Base Score: 3.3
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 6.5
Severity: LOW
CVSS v3
Base Score: 4.3
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Impact Score: 1.4
Exploitability Score: 2.8
Severity: MEDIUM