FreeBSD : samba -- multiple vulnerabilities (54976998-f248-11e8-81e2-005056a311d1)

medium Nessus Plugin ID 119246

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The samba project reports :

All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue.

When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ.

During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process.

During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate

A user in a Samba AD domain can crash the KDC when Samba is built in the non-default MIT Kerberos configuration.

AD DC Configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all.

Solution

Update the affected packages.

See Also

https://www.samba.org/samba/security/CVE-2018-14629.html

https://www.samba.org/samba/security/CVE-2018-16841.html

https://www.samba.org/samba/security/CVE-2018-16851.html

https://www.samba.org/samba/security/CVE-2018-16852.html

https://www.samba.org/samba/security/CVE-2018-16853.html

https://www.samba.org/samba/security/CVE-2018-16857.html

http://www.nessus.org/u?ec8b9b49

Plugin Details

Severity: Medium

ID: 119246

File Name: freebsd_pkg_54976998f24811e881e2005056a311d1.nasl

Version: 1.5

Type: local

Published: 11/28/2018

Updated: 7/18/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2018-16857

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:samba46, p-cpe:/a:freebsd:freebsd:samba49, p-cpe:/a:freebsd:freebsd:samba47, p-cpe:/a:freebsd:freebsd:samba48, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/14/2018

Vulnerability Publication Date: 8/14/2018

Reference Information

CVE: CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16852, CVE-2018-16853, CVE-2018-16857