AVG-823

Package: samba
Status: Fixed
Severity: High
Type: multiple issues
Affected: 4.9.2-1
Fixed: 4.9.3-1
Current: 4.10.0-2 [extra]
Ticket: None
Created: Wed Nov 28 10:47:18 2018

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-16857 | Low | Yes | Access restriction bypass | A security issue has been found in samba from 4.9.0 up to and including 4.9.2, where AD DC Configurations watching for bad passwords to restrict brute... |
| CVE-2018-16853 | Medium | Yes | Denial of service | A denial of service has been found in samba from 4.7.0 up to and including 4.9.2, where a user in a Samba AD domain can crash the MIT KDC by requesting an... |
| CVE-2018-16852 | Medium | Yes | Denial of service | A NULL pointer de-reference issue has been found in samba from 4.9.0 up to and including 4.9.2, where a user able to create or modify dnsZone objects can... |
| CVE-2018-16851 | Medium | Yes | Denial of service | A NULL pointer de-reference issue has been found in samba from 4.0.0 up to and including 4.9.2, where a user able to read more than 256MB of LDAP entries... |
| CVE-2018-16841 | High | Yes | Denial of service | A double-free issue has been found in samba from 4.3.0 up to and including 4.9.2, where a user with a valid certificate or smart card can crash the Samba AD... |
| CVE-2018-14629 | Medium | Yes | Denial of service | A denial of service security issue has been found in samba from 4.0.0 up to and including 4.9.2, where an unprivileged user can use the ldbadd tool to add... |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 28 Nov 2018 | ASA-201811-22 | samba | multiple issues |

References
https://download.samba.org/pub/samba/patches/security/samba-4.9.2-security-2018-11-27.patch