Amazon Linux 2 : samba (ALAS-2018-1126)
Medium Nessus Plugin ID 119781
SynopsisThe remote Amazon Linux 2 host is missing a security update.
DescriptionA NULL pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash.(CVE-2018-1050)
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client.(CVE-2018-10858)
A flaw was found in the way samba allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.(CVE-2018-1139)
SolutionRun 'yum update samba' to update your system.