Samba releases security updates – Oct 2019

Preface: Samba is like a middleman bridging all the races in the cyber world.

Background: Samba is free software that connects UNIX operating systems to the SMB/CIFS network protocol of the Microsoft Windows operating system. Version 3 not only accesses and shares SMB folders and printers, but also integrates into a Windows Server domain, acting as a domain controller and joining Active Directory as a member.

Vulnerability details:
1) Path traversal (Severity – medium) – CVE-2019-10218 https://www.samba.org/samba/security/CVE-2019-10218.html

2) Use of Obsolete Function (Severity – low) – CVE-2019-14833 https://www.samba.org/samba/security/CVE-2019-14833.html

3) NULL pointer dereference (Severity – medium) – CVE-2019-14847 https://www.samba.org/samba/security/CVE-2019-14847.html

For details of the design weakness, please refer to the attached diagram.