Two critical vulnerabilities (CVE-2018-1050, CVE-2018-1057) have been discovered in Samba, the open-source software that is a re-implementation of the SMB networking protocol. The Samba software can run on popular operating systems such as Windows, Linux, UNIX, IBM System 390, OpenVMS.
Moreover, Samba enables operating systems like GNU/Linux ad Mac OS X to share network folders, files, and printers with Windows.
The bugs discovered in Samba could allow unprivileged remote users to carry out DoS attacks against the targeted servers. Also, attackers could also change other users’ passwords, admin passwords inclusive.
CVE-2018-1050 Official Description
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
The DoS Samba bug affected all versions starting from Samba 4.0.0. it could be exploited when the RPC spoolss service is configured to be run as an external daemon, researchers explain.
CVE-2018-1057 Technical Details
This bug would allow unprivileged unauthenticated authenticated users to change the passwords of any other users, admins inclusive, via LDAP. This password reset vulnerability is present in all versions starting from 4.0.0. However, it only works in Samba Active Directory DC implementation.
This is because the bug doesn’t properly validate user permissions when it is requested to change passwords via LDAP, researchers clarify.
These two Samba vulnerabilities put many servers at risk of attacks as the software comes with a large number of Linux distros.
The good news is that Samba has addressed the two bugs with the release of Samba versions
4.7.6, 4.6.14, 4.5.16. It is highly advisable for administrators to update their vulnerable servers as soon as possible. Users running older versions of Samba may refer to this page for possibly available patches.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: