Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities

Haythem Elmir
Samba has just released security patches for two critical vulnerabilities that could allow unprivileged remote attackers to launch DoS attacks against servers and to change any other user's password, including those of administrators.

Samba is open-source software (a re-implementation of the SMB networking protocol) that runs on the majority of operating systems available today, including Windows, Linux, UNIX, IBM System 390 and OpenVMS.

Samba allows non-Windows operating systems, such as GNU/Linux or Mac OS X, to share network folders, files and printers with Windows systems.

The denial-of-service vulnerability, assigned CVE-2018-1050, affects all versions of Samba from 4.0.0 onwards and can be exploited when the RPC spoolss service is configured to run as an external daemon.

"Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. If the RPC spoolss service is left by default as an internal service, all a client can do is crash its own authenticated connection," the Samba advisory says.

The second vulnerability, assigned CVE-2018-1057, allows unprivileged authenticated users to change any other user's password, including those of admin users.

This flaw exists in all versions of Samba from 4.0.0 onwards, but only when Samba runs as an Active Directory domain controller, because the AD DC does not validate the requesting user's permissions when a password is modified over LDAP.

A large number of users are potentially at risk, because Samba ships with a wide range of Linux distributions.

The Samba maintainers have addressed both vulnerabilities in the new releases 4.7.6, 4.6.14 and 4.5.16.
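As an added example that is not part of the original article or of Samba's own tooling, the following POSIX shell script turns the facts above into a quick triage check: it maps a Samba version string to not-affected / vulnerable / patched using the fixed releases named in the article, and reads smb.conf for `rpc_server:spoolss = external`, the smb.conf option that runs spoolss as a separate daemon (the configuration the crash needs). The sample smb.conf it writes is constructed for the demonstration and is not taken from any real host; the `rpc_daemon:spoolssd = fork` line in it is assumed to be the companion setting normally paired with the external mode.

```shell
#!/bin/sh
# Added example (not the article's or Samba's code): triage a Samba host for
# CVE-2018-1050 / CVE-2018-1057 from its version string and its smb.conf.

# Numeric field N of a dotted version; missing fields count as 0 ("4.7" -> 4 7 0).
vfield() {
    printf '%s\n' "$1" | awk -F. -v n="$2" '{ print $n + 0 }'
}

# ver_ge A B: succeed when A >= B, comparing three numeric fields in order.
ver_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(vfield "$1" "$i"); b=$(vfield "$2" "$i")
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# samba_patch_status VERSION: prints not-affected | vulnerable | patched.
# Fixed releases per the advisory: 4.7.6, 4.6.14, 4.5.16; every 4.x below them
# is affected. Tolerates strings such as "Version 4.7.6-Ubuntu".
samba_patch_status() {
    v=$(printf '%s\n' "$1" | sed 's/^[^0-9]*//; s/[^0-9.].*$//')
    if ! ver_ge "$v" 4.0.0; then
        echo not-affected          # flaws were introduced in 4.0.0
        return 0
    fi
    branch="$(vfield "$v" 1).$(vfield "$v" 2)"
    case "$branch" in
        4.5) fixed=4.5.16 ;;
        4.6) fixed=4.6.14 ;;
        *)   fixed=4.7.6  ;;       # 4.7 and later; 4.0-4.4 have no fix and stay below this
    esac
    if ver_ge "$v" "$fixed"; then echo patched; else echo vulnerable; fi
}

# spoolss_mode SMB_CONF: prints "external" when smb.conf runs the spoolss RPC
# service as a separate daemon, otherwise "embedded" (Samba's default).
spoolss_mode() {
    m=$(tr 'A-Z' 'a-z' < "$1" \
        | sed -n 's/^[[:space:]]*rpc_server:spoolss[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' \
        | tail -n 1)
    [ "$m" = external ] && echo external || echo embedded
}

# assess VERSION SMB_CONF: one-line summary of both checks.
assess() {
    status=$(samba_patch_status "$1")
    mode=$(spoolss_mode "$2")
    if [ "$status" = vulnerable ] && [ "$mode" = external ]; then
        echo "vulnerable spoolss=external: update, or run spoolss embedded until patched"
    elif [ "$status" = vulnerable ]; then
        echo "vulnerable spoolss=embedded: update (password-change flaw applies on AD DCs regardless)"
    else
        echo "$status spoolss=$mode"
    fi
}

# Constructed sample smb.conf (not from any real host) that runs spoolss externally.
SAMPLE_CONF=${TMPDIR:-/tmp}/smb.conf.cve-2018-1050-example
cat > "$SAMPLE_CONF" <<'EOF'
[global]
    workgroup = EXAMPLE
    server role = active directory domain controller
    rpc_server:spoolss = external
    rpc_daemon:spoolssd = fork
EOF

# Stand-alone usage: ./check.sh "$(smbd --version)" /etc/samba/smb.conf
if [ -n "${1:-}" ]; then
    assess "$1" "${2:-$SAMPLE_CONF}"
else
    assess "4.7.5" "$SAMPLE_CONF"
fi
```

Run it with the output of `smbd --version` and the host's smb.conf path; without arguments it evaluates the constructed sample, which reports the worst case (an unpatched AD DC with spoolss external). The version branches are deliberately narrow: anything 4.0 to 4.4 is reported vulnerable because no fix was released for those lines.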

To read the original article:
