A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P
Vendors Products
Samba
  • Samba
Redhat
  • Virtualization Host
  • Virtualization
  • Enterprise Linux Desktop
  • Enterprise Linux Workstation
  • Enterprise Linux Server
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux

Configuration 1 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/105085 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1042002 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2612 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2613 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3056 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3470 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858 Issue Tracking Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10284
https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20180814-0001/ Third Party Advisory
https://usn.ubuntu.com/3738-1/ Third Party Advisory
https://www.debian.org/security/2018/dsa-4271 Third Party Advisory
https://www.samba.org/samba/security/CVE-2018-10858.html Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-08-22T17:00:00

Updated: 2020-03-25T18:06:05

Reserved: 2018-05-09T00:00:00

Link: CVE-2018-10858

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2018-08-22T17:29:00.367

Modified: 2019-06-26T08:15:11.110

Link: CVE-2018-10858

JSON object: View

cve-icon Redhat Information

No data.

CWE