FreeBSD : samba -- multiple vulnerabilities (c4e9a427-9fc2-11e8-802a-000c29a1e3ec)

Medium Nessus Plugin ID 111722


The remote FreeBSD host is missing one or more security-related updates.


The samba project reports :

Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which allows authentication using NTLMv1 over an SMB1 transport (either directory or via NETLOGON SamLogon calls from a member server), even when NTLMv1 is explicitly disabled on the server.

Missing input sanitization checks on some of the input parameters to LDB database layer cause the LDAP server and DNS server to crash when following a NULL pointer.

Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in libsmbclient that could allow a malicious server to overwrite client heap memory by returning an extra long filename in a directory listing.

Missing database output checks on the returned directory attributes from the LDB database layer cause the DsCrackNames call in the DRSUAPI server to crash when following a NULL pointer.

All versions of the Samba Active Directory LDAP server from 4.0.0 onwards are vulnerable to the disclosure of confidential attribute values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL (0x80) searchFlags bit and where an explicit Access Control Entry has been specified on the ntSecurityDescriptor.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 111722

File Name: freebsd_pkg_c4e9a4279fc211e8802a000c29a1e3ec.nasl

Version: 1.4

Type: local

Published: 2018/08/15

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:samba46, p-cpe:/a:freebsd:freebsd:samba47, p-cpe:/a:freebsd:freebsd:samba48, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2018/08/14

Vulnerability Publication Date: 2018/08/14

Reference Information

CVE: CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140