CVE-2018-1050

Published: 13/03/2018 Updated: 01/09/2022
CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 294
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

Vulnerable Product

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 17.10

samba samba

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 9.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

Vendor Advisories

Samba could be made to crash if it received specially crafted input ...
Several security issues were fixed in Samba ...
Synopsis: Moderate: samba security, bug fix and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated samba packages that fix several security issues and provide several bug fixes and an enhancement are now available for Red Hat Gluster Storage 34 for Red Hat Enterprise Linux 7. Red Hat ...
Synopsis: Moderate: samba security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Low: samba security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which giv ...
Synopsis: Moderate: samba security, bug fix and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated samba packages that fix several security issues and provide several bug fixes and an enhancement are now available for Red Hat Gluster Storage 34 for Red Hat Enterprise Linux 6. Red Hat ...
Synopsis: Low: samba4 security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which g ...
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050: It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service is configured to be run as an external ...
A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash (CVE-2018-1050). A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary ...
A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash (CVE-2018-1050). A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrar ...
A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash ...
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash ...

Github Repositories

Search for RedHat/Ubuntu security updates

cvesearch
Just gimme the list & I'll do the work for you. None of us are happy about this though.
Improved speed by up to 100x
[root@josh9580-cvesearch ~]# time cve-savepy >/dev/null
real 0m0164s
user 0m0129s
sys 0m0035s
[root@josh9580-cvesearch ~]# time cve-checkpy CVE-2017-0861 >/dev/null
real 0m3098s
user 0m2049s
sys 0m0051s
[root@josh958