Alpine: libsmbclient, pam-winbind, multiple samba packages: security update to 4.10.4-r1 (deprecated)

medium Tenable Self-Hosted Container Security Plugin ID 400489

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of
Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.
(CVE-2019-12435)

- Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of
Service. This is related to an attacker using the paged search control. The attacker must have directory
read access in order to attempt an exploit. (CVE-2019-12436)

See Also

https://git.alpinelinux.org/aports/commit/?id=03d642699342cb6339c2b76144096010bced593d

https://git.alpinelinux.org/aports/commit/?id=a80d49fcecdaa5350d709fc4e9b5d71716661eb7

Plugin Details

Severity: Medium

ID: 400489

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2019-12436

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 6/20/2019

Vulnerability Publication Date: 6/19/2019

Reference Information

CVE: CVE-2019-12435, CVE-2019-12436

BID: 108823, 108825

IAVA: 2019-A-0209-S