Two critical vulnerabilities (CVE-2018-1050, CVE-2018-1057) have been discovered in Samba, the open-source software that is a re-implementation of the SMB networking protocol. The Samba software can run on popular operating systems such as Windows, Linux, UNIX, IBM System 390, OpenVMS.
Moreover, Samba enables operating systems like GNU/Linux ad Mac OS X to share network folders, files, and printers with Windows.
The bugs discovered in Samba could allow unprivileged remote users to carry out DoS attacks against the targeted servers. Also, attackers could also change other users’ passwords, admin passwords inclusive.
CVE-2018-1050 Official Description
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
The DoS Samba bug affected all versions starting from Samba 4.0.0. it could be exploited when the RPC spoolss service is configured to be run as an external daemon, researchers explain.
CVE-2018-1057 Technical Details
This bug would allow unprivileged unauthenticated authenticated users to change the passwords of any other users, admins inclusive, via LDAP. This password reset vulnerability is present in all versions starting from 4.0.0. However, it only works in Samba Active Directory DC implementation.
This is because the bug doesn’t properly validate user permissions when it is requested to change passwords via LDAP, researchers clarify.
These two Samba vulnerabilities put many servers at risk of attacks as the software comes with a large number of Linux distros.
The good news is that Samba has addressed the two bugs with the release of Samba versions
4.7.6, 4.6.14, 4.5.16. It is highly advisable for administrators to update their vulnerable servers as soon as possible. Users running older versions of Samba may refer to this page for possibly available patches.