Shulou(Shulou.com)06/01 Report--

This article will explain in detail what Samba CVE-2018-1050 and CVE-2018-1057 refer to. The content of the article is of high quality, so the editor shares it for you as a reference. I hope you will have some understanding of the relevant knowledge after reading this article.

Overview of 0x01 events

As a free software to implement SMB protocol on Linux and UNIX systems, Samba has a wide range of applications in the field of * nix.

On March 13, 2018, Samba officially released a new patch and security bulletin that all versions of Samba 4.0.0 have a denial of service vulnerability (CVE-2018-1050) and a vulnerability to modify arbitrary user passwords (CVE-2018-1057).

360CERT makes a research and judgment on this, and believes that the risk level of vulnerabilities is high and the scope of influence is wide. It is strongly recommended that users who use Samba software carry out security updates as soon as possible.

0x02 event influence surface

Affect the version

Affect all versions above Samba 4.0.0

Repair version

Samba 4.7.6,4.6.14 and 4.5.16

0x03 vulnerability details

CVE-2018-1050:

In smb.conf, if rpc_server:spoolss is configured as external, the lack of checking of incoming parameters to invoke spoolss RPC may cause the print spooling service to crash, resulting in a denial of service attack.

CVE-2018-1057:

In Samba4 AD DC domain environments of version 4.0.0 and above, the LDAP server has misconfigured permissions to change passwords, causing users authenticated by LDAP to change the passwords of other users, including administrator users and privileged service accounts (such as domain controllers).

0x04 repair scheme

1. For CVE-2018-1050 and CVE-2018-1057, it is strongly recommended that all affected users update the official patch or update to the fixed version in a timely manner.

Patch address: http://www.samba.org/samba/security/

2. For CVE-2018-1050, make sure that rpc_server:spoolss in smb.conf is not set to external.

So much for sharing what Samba CVE-2018-1050 and CVE-2018-1057 refer to. I hope the above content can be helpful to you and learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.