Bug 1103411 - (CVE-2018-10858) VUL-0: CVE-2018-10858: samba: Insufficient input validation on client directory listing in libsmbclient
(CVE-2018-10858)
VUL-0: CVE-2018-10858: samba: Insufficient input validation on client directo...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: James McDonough
Security Team bot
CVSSv3:SUSE:CVE-2018-10858:8.6:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-01 13:11 UTC by Johannes Segitz
Modified: 2018-10-25 22:43 UTC (History)
6 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Johannes Segitz 2018-08-01 13:25:11 UTC
This is a embargoed bug. This means that this information is not public. Please
- do not talk to other people about this unless they're involved in fixing the issue
- do not submit this into OBS (e.g. fix Leap) until this is public
- do not make this bug public
- Please be aware that the SUSE:SLE-12-SP4:GA codestream is available via OBS. This means
  that you can't submit security fixes for embargoed issues to SLE 12 SP4 GA until they become
  public.

In doubt please talk to us on IRC (#security) or sent us a mail.

CRD: 2018-08-14
Comment 13 Marcus Meissner 2018-08-14 09:01:13 UTC
is public


CVE-2018-10858.html

===========================================================
== Subject:     Insufficient input validation on client directory
==		listing in libsmbclient.
==
== CVE ID#:     CVE-2018-10858
==
== Versions:    Samba 3.2.0 - 4.8.3 (inclusive)
==
== Summary:     A malicious server could return a directory entry
==		that could corrupt libsmbclient memory.
==
===========================================================

===========
Description
===========

Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server to overwrite
client heap memory by returning an extra long filename in a directory
listing.

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

    http://www.samba.org/samba/security/

Samba versions 4.6.16, 4.7.9 and 4.8.4 have been released with fixes for
this issue.

==========
Workaround
==========

None

=======
Credits
=======

This vulnerability was found by Svyatoslav Phirsov and was fixed
by Jeremy Allison of Google and the Samba team.
Comment 14 Swamp Workflow Management 2018-08-14 13:08:32 UTC
SUSE-SU-2018:2318-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1095048,1095056,1095057,1103411,1103414
CVE References: CVE-2018-10858,CVE-2018-10918,CVE-2018-10919,CVE-2018-1139,CVE-2018-1140
Sources used:
SUSE Linux Enterprise Module for Basesystem 15 (src):    samba-4.7.8+git.86.94b6d10f7dd-4.15.1
SUSE Linux Enterprise High Availability 15 (src):    samba-4.7.8+git.86.94b6d10f7dd-4.15.1
Comment 15 Swamp Workflow Management 2018-08-14 13:09:44 UTC
SUSE-SU-2018:2319-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1067700,1068059,1087303,1103411
CVE References: CVE-2018-10858
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    samba-4.6.14+git.157.c2d53c2b191-3.29.1
SUSE Linux Enterprise Server 12-SP3 (src):    samba-4.6.14+git.157.c2d53c2b191-3.29.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    samba-4.6.14+git.157.c2d53c2b191-3.29.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    samba-4.6.14+git.157.c2d53c2b191-3.29.1
SUSE Enterprise Storage 5 (src):    samba-4.6.14+git.157.c2d53c2b191-3.29.1
Comment 16 Swamp Workflow Management 2018-08-14 16:08:22 UTC
SUSE-SU-2018:2320-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1054849,1103411
CVE References: CVE-2018-10858
Sources used:
SUSE OpenStack Cloud 7 (src):    samba-4.4.2-38.20.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    samba-4.4.2-38.20.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    samba-4.4.2-38.20.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    samba-4.4.2-38.20.1
SUSE Enterprise Storage 4 (src):    samba-4.4.2-38.20.1
Comment 17 Swamp Workflow Management 2018-08-14 16:09:33 UTC
SUSE-SU-2018:2321-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1027593,1060427,1063008,1081741,1103411
CVE References: CVE-2017-14746,CVE-2017-15275,CVE-2018-1050,CVE-2018-10858
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    samba-4.2.4-18.49.1
SUSE Linux Enterprise High Availability 12 (src):    samba-4.2.4-18.49.1
Comment 18 Swamp Workflow Management 2018-08-14 22:13:08 UTC
SUSE-SU-2018:2329-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1079449,1103411
CVE References: CVE-2018-10858
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    samba-3.6.3-94.14.2
SUSE Linux Enterprise Server 11-SP4 (src):    samba-3.6.3-94.14.2, samba-doc-3.6.3-94.14.2
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    samba-3.6.3-94.14.2, samba-doc-3.6.3-94.14.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    samba-3.6.3-94.14.2, samba-doc-3.6.3-94.14.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    samba-3.6.3-94.14.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    samba-3.6.3-94.14.2
Comment 19 Swamp Workflow Management 2018-08-16 07:12:55 UTC
SUSE-SU-2018:2339-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1081741,1103411
CVE References: CVE-2018-1050,CVE-2018-10858
Sources used:
SUSE OpenStack Cloud 7 (src):    samba-4.2.4-28.29.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    samba-4.2.4-28.29.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    samba-4.2.4-28.29.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    samba-4.2.4-28.29.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    samba-4.2.4-28.29.1
SUSE Linux Enterprise High Availability 12-SP1 (src):    samba-4.2.4-28.29.1
SUSE Enterprise Storage 4 (src):    samba-4.2.4-28.29.1
Comment 20 Swamp Workflow Management 2018-08-17 10:09:14 UTC
openSUSE-SU-2018:2396-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1067700,1068059,1087303,1103411
CVE References: CVE-2018-10858
Sources used:
openSUSE Leap 42.3 (src):    samba-4.6.14+git.157.c2d53c2b191-18.1
Comment 21 Swamp Workflow Management 2018-08-17 10:13:31 UTC
openSUSE-SU-2018:2400-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1095048,1095056,1095057,1103411,1103414
CVE References: CVE-2018-10858,CVE-2018-10918,CVE-2018-10919,CVE-2018-1139,CVE-2018-1140
Sources used:
openSUSE Leap 15.0 (src):    samba-4.7.8+git.86.94b6d10f7dd-lp150.3.6.1
Comment 22 James McDonough 2018-10-01 10:04:02 UTC
shipped
Comment 23 Swamp Workflow Management 2018-10-18 16:41:54 UTC
SUSE-SU-2018:2339-2: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1081741,1103411
CVE References: CVE-2018-1050,CVE-2018-10858
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    samba-4.2.4-28.29.1
Comment 24 Swamp Workflow Management 2018-10-18 18:04:42 UTC
SUSE-SU-2018:2320-2: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1054849,1103411
CVE References: CVE-2018-10858
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    samba-4.4.2-38.20.1