Synology-SA-18:47 Samba
Publish Time: 2018-08-16 16:36:23 UTC+8
Last Updated: 2019-12-24 14:13:51 UTC+8
- Severity: Important
- Status: Resolved
Abstract
CVE-2018-10858 allows man-in-the-middle attackers to execute arbitrary code via a susceptible version of Active Backup for Server.
CVE-2018-10919 allows remote authenticated users to obtain sensitive information via a susceptible version of Active Directory Server.
None of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), and Directory Server are affected by CVE-2018-1139, CVE-2018-1140, or CVE-2018-10918 as these vulnerabilities only affect Samba 4.7 or above.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
DSM 6.2 | Not affected | N/A |
DSM 6.1 | Not affected | N/A |
DSM 5.2 | Not affected | N/A |
SkyNAS | Not affected | N/A |
SRM 1.1 | Not affected | N/A |
VS960HD | Not affected | N/A |
Directory Server | Not affected | N/A |
Active Directory Server | Moderate | Upgrade to 6.2.2-24922 or above. |
Active Backup for Server | Important | Upgrade to 6.2.2-24922 or above. |
Mitigation
None
Detail
CVE-2018-1139
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- A flaw was found in the way Samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the Samba server and client.
CVE-2018-1140
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- A missing input sanitization flaw was found in the implementation of the LDB database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a Samba server used as an Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable.
CVE-2018-10858
- Severity: Important
- CVSS3 Base Score: 7.5
- CVSS3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C
- A heap-buffer overflow was found in the way Samba clients processed extra-long filenames in a directory listing. A malicious Samba server could use this flaw to cause arbitrary code execution on a Samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
CVE-2018-10918
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- A null pointer dereference flaw was found in the way Samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a Samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.
CVE-2018-10919
- Severity: Moderate
- CVSS3 Base Score: 4.3
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
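The fixed releases quoted for CVE-2018-10858 and CVE-2018-10919 are per branch, so a version has to be compared against the fix on its own branch rather than against a single minimum. The following check is an added example, not Synology or Samba code; the function names and sample strings are constructed, and it assumes branches newer than 4.8 already contain the fix.

```python
import re

# Fixed releases per branch, from the advisory text for CVE-2018-10858 and
# CVE-2018-10919: "Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable".
FIXED_PATCH = {(4, 6): 16, (4, 7): 9, (4, 8): 4}


def parse_samba_version(text):
    """Extract (major, minor, patch) from text such as 'Version 4.7.6-Ubuntu'."""
    match = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version_text):
    """True if the version predates the fix on its own release branch."""
    major, minor, patch = parse_samba_version(version_text)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return patch < FIXED_PATCH[branch]
    if branch < min(FIXED_PATCH):
        # Older than 4.6: covered by "before 4.6.16", no fixed release listed.
        return True
    # Assumption: branches newer than 4.8 were released with the fix included.
    return False


def triage(version_strings):
    """Map each reported version string to its vulnerable/fixed verdict."""
    return {text: is_vulnerable(text) for text in version_strings}


# Constructed sample inputs in the style of `smbd --version` output.
SAMPLE_VERSIONS = [
    "Version 4.5.12-Debian",
    "Version 4.6.16",
    "Version 4.7.3",   # numerically above 4.6.16, yet unfixed on the 4.7 branch
    "Version 4.8.3",
    "Version 4.8.4",
    "Version 4.9.0",
]

if __name__ == "__main__":
    for text, vulnerable in triage(SAMPLE_VERSIONS).items():
        print(f"{text:24} {'VULNERABLE' if vulnerable else 'fixed'}")
```

Distribution packages often backport fixes without changing the upstream version number, so confirm a vulnerable verdict against the vendor's changelog.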
Revision
Revision | Date | Description |
---|---|---|
1 | 2018-08-16 | Initial public release. |
2 | 2018-08-24 | Updated Detail. |
3 | 2019-04-29 | Updates for Active Directory Server and Active Backup for Server are now available in Affected Products. |