Unrated severity · NVD Advisory · Published Mar 13, 2018 · Updated Sep 16, 2024
CVE-2018-1050
Description
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
Affected products (36)
- osv-coords, 35 versions (< 4.14.6+git.182.2205d5224e3-1.1 + 34 more):
  - pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%204
  - pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%205
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP1
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
- (no CPE) range: < 4.14.6+git.182.2205d5224e3-1.1
- (no CPE) range: < 4.2.4-28.29.1
- (no CPE) range: < 4.6.13+git.72.2a684235f41-3.21.3
- (no CPE) range: < 4.4.2-38.17.1
- (no CPE) range: < 4.6.13+git.72.2a684235f41-3.21.3
- (no CPE) range: < 4.2.4-18.49.1
- (no CPE) range: < 4.2.4-28.29.1
- (no CPE) range: < 4.4.2-38.17.1
- (no CPE) range: < 4.6.13+git.72.2a684235f41-3.21.3
- (no CPE) range: < 3.6.3-94.11.1
- (no CPE) range: < 4.2.4-28.29.1
- (no CPE) range: < 4.4.2-38.17.1
- (no CPE) range: < 4.2.4-28.29.1
- (no CPE) range: < 4.2.4-28.29.1
- (no CPE) range: < 4.6.13+git.72.2a684235f41-3.21.3
- (no CPE) range: < 4.2.4-18.49.1
- (no CPE) range: < 4.4.2-38.17.1
- (no CPE) range: < 3.6.3-94.11.1
- (no CPE) range: < 4.2.4-28.29.1
- (no CPE) range: < 4.4.2-38.17.1
- (no CPE) range: < 4.6.13+git.72.2a684235f41-3.21.3
- (no CPE) range: < 3.6.3-94.11.1
- (no CPE) range: < 4.4.2-38.17.1
- (no CPE) range: < 4.6.13+git.72.2a684235f41-3.21.3
- (no CPE) range: < 4.2.4-28.29.1
- (no CPE) range: < 3.6.3-94.11.1
- (no CPE) range: < 3.6.3-94.11.1
- (no CPE) range: < 2.1.10-3.3.2
- (no CPE) range: < 2.1.10-3.3.2
- (no CPE) range: < 2.1.10-3.3.2
- (no CPE) range: < 2.1.10-3.3.2
- (no CPE) range: < 0.9.34-3.3.2
- (no CPE) range: < 0.9.34-3.3.2
- (no CPE) range: < 0.9.34-3.3.2
- (no CPE) range: < 0.9.34-3.3.2
- Range: All versions of Samba from 4.0.0 onwards
Patches
No patches discovered yet.
References (18)
- access.redhat.com/errata/RHSA-2018:1860 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2018:1883 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2018:2612 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2018:2613 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2018:3056 (mitre, vendor-advisory, x_refsource_REDHAT)
- security.gentoo.org/glsa/201805-07 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/3595-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- usn.ubuntu.com/3595-2/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2018/dsa-4135 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.securityfocus.com/bid/103387 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1040493 (mitre, vdb-entry, x_refsource_SECTRACK)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 (mitre, x_refsource_CONFIRM)
- lists.debian.org/debian-lts-announce/2018/03/msg00024.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2019/04/msg00013.html (mitre, mailing-list, x_refsource_MLIST)
- security.netapp.com/advisory/ntap-20180313-0001/ (mitre, x_refsource_CONFIRM)
- support.hpe.com/hpsc/doc/public/display (mitre, x_refsource_CONFIRM)
- www.samba.org/samba/security/CVE-2018-1050.html (mitre, x_refsource_CONFIRM)