Samba release security update – 27th Nov 2018

Preface: Samba is an implementation of the Server Message Block (SMB)/Common Internet File System (CIFS) protocol for Unix systems, providing support for cross-platform file and printer sharing with Microsoft Windows, OS X, and other Unix.

Vulnerabilities highlights:
Double free error is caused by freeing same memory location twice by calling free() on the same allocated memory. A NULL pointer dereference is a sub type of an error causing a segmentation fault. It occurs when a program attempts to read or write to memory with a NULL pointer. This design limitation was happen in a lot of software application. Found above vulnerabilities occurs in Samba server. For more details, please refer below:

Unprivileged adding of CNAME record causing loop in AD Internal DNS server : https://www.samba.org/samba/security/CVE-2018-14629.html

Double-free in Samba AD DC KDC with PKINIT

https://www.samba.org/samba/security/CVE-2018-16841.html

NULL pointer de-reference in Samba AD DC LDAP server

https://www.samba.org/samba/security/CVE-2018-16851.html

NULL pointer de-reference in Samba AD DC DNS servers

https://www.samba.org/samba/security/CVE-2018-16852.html

Samba AD DC S4U2Self Crash in experimental MIT Kerberos configuration (unsupported)

https://www.samba.org/samba/security/CVE-2018-16853.html

Bad password count in AD DC not always effective

https://www.samba.org/samba/security/CVE-2018-16857.html

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.