FreeBSD : samba -- multiple vulnerabilities (c4e9a427-9fc2-11e8-802a-000c29a1e3ec)
Medium Nessus Plugin ID 111722
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe samba project reports :
Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which allows authentication using NTLMv1 over an SMB1 transport (either directory or via NETLOGON SamLogon calls from a member server), even when NTLMv1 is explicitly disabled on the server.
Missing input sanitization checks on some of the input parameters to LDB database layer cause the LDAP server and DNS server to crash when following a NULL pointer.
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in libsmbclient that could allow a malicious server to overwrite client heap memory by returning an extra long filename in a directory listing.
Missing database output checks on the returned directory attributes from the LDB database layer cause the DsCrackNames call in the DRSUAPI server to crash when following a NULL pointer.
All versions of the Samba Active Directory LDAP server from 4.0.0 onwards are vulnerable to the disclosure of confidential attribute values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL (0x80) searchFlags bit and where an explicit Access Control Entry has been specified on the ntSecurityDescriptor.
SolutionUpdate the affected packages.