ASA-201803-10 generated external raw

[ASA-201803-10] samba: multiple issues
Arch Linux Security Advisory ASA-201803-10 ========================================== Severity: Critical Date : 2018-03-13 CVE-ID : CVE-2018-1050 CVE-2018-1057 Package : samba Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-651 Summary ======= The package samba before version 4.7.6-1 is vulnerable to multiple issues including access restriction bypass and denial of service. Resolution ========== Upgrade to 4.7.6-1. # pacman -Syu "samba>=4.7.6-1" The problems have been fixed upstream in version 4.7.6. Workaround ========== - CVE-2018-1050 Ensure the parameter: rpc_server:spoolss = external is not set in the [global] section of your smb.conf. - CVE-2018-1057 Revoke the change passwords right for 'the world' from all user objects (including computers) in the directory, leaving only the right to change a user's own password. Description =========== - CVE-2018-1050 (denial of service) All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. - CVE-2018-1057 (access restriction bypass) On a Samba 4 AD DC any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts. Impact ====== A remote attacker is able to change other users passwords on a Samba 4 AD DC or perform a denial of service attack by sending a specially crafted request to the spoolss service. References ========== https://lists.samba.org/archive/samba-announce/2018/000435.html https://www.samba.org/samba/security/CVE-2018-1050.html https://github.com/samba-team/samba/commit/c41895be8222199ffe69749e32afc9946517f63f https://www.samba.org/samba/security/CVE-2018-1057.html https://wiki.samba.org/index.php/CVE-2018-1057 https://github.com/samba-team/samba/commit/50e7788603b97104fe116a07ab14a1d1148f4405 https://github.com/samba-team/samba/commit/c80456855197f9fe9ef497a7fc94504c28445343 https://github.com/samba-team/samba/commit/ab7dc210e9aedc1222055822ff296e4a67cfb27b https://github.com/samba-team/samba/commit/407a34c73fcd666c22776bbc4aa56d02c0683463 https://github.com/samba-team/samba/commit/3e6621fe58014f19477633b1c0b54288550f0e87 https://github.com/samba-team/samba/commit/9dd7dd9ebba8d449feea66695fab3cbbb22d00e8 https://github.com/samba-team/samba/commit/766ab4c52b06532f2dd8801ccf5d4aadf07a098e https://github.com/samba-team/samba/commit/0e15ce12e1e9733f1e8eb13e77cbcdd0aea29f29 https://github.com/samba-team/samba/commit/39e689aa703536330083bfc4d58d15a2521e0f95 https://github.com/samba-team/samba/commit/2fea9ee701fed0417d8f681238663b7b00c451f8 https://github.com/samba-team/samba/commit/c653e51a3d991e0e08327186881b324b85106f0d https://github.com/samba-team/samba/commit/b23bf04caeb196da9515addbcdf17db0723ee553 https://github.com/samba-team/samba/commit/fbd16473ecf073f86e36f9e29a80151272661dce https://security.archlinux.org/CVE-2018-1050 https://security.archlinux.org/CVE-2018-1057