Samba releases security updates – Oct 2019
Preface: Samba is like a middleman bridging all the races in the cyber world.
Background: Samba is free software that connects UNIX operating systems to the SMB/CIFS network protocol used by Microsoft Windows. Version 3 not only accesses and shares SMB folders and printers, but also integrates into a Windows Server domain, either acting as a domain controller or joining Active Directory as a member.
1) Path traversal (Severity – medium) – CVE-2019-10218 https://www.samba.org/samba/security/CVE-2019-10218.html
2) Use of Obsolete Function (Severity – low) – CVE-2019-14833 https://www.samba.org/samba/security/CVE-2019-14833.html
3) NULL pointer dereference (Severity – medium) – CVE-2019-14847
For details of the design weakness, please refer to the attached diagram.