FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- multiple vulnerabilities

Affected packages
samba44 < 4.4.17
samba45 < 4.5.16
samba46 < 4.6.14
samba47 < 4.7.6

Details

VuXML ID fb26f78a-26a9-11e8-a1c2-00505689d4ae
Discovery 2018-01-03
Entry 2018-03-13

The samba project reports:

Missing null pointer checks may crash the external print server process.

On a Samba 4 AD DC any authenticated user can change other user's passwords over LDAP, including the passwords of administrative users and service accounts.

References

CVE Name CVE-2018-1050
CVE Name CVE-2018-1057
URL https://www.samba.org/samba/security/CVE-2018-1050.html
URL https://www.samba.org/samba/security/CVE-2018-1057.html