Bugzilla – Bug 1103411
VUL-0: CVE-2018-10858: samba: Insufficient input validation on client directory listing in libsmbclient
Last modified: 2022-12-13 15:08:08 UTC
This is a embargoed bug. This means that this information is not public. Please - do not talk to other people about this unless they're involved in fixing the issue - do not submit this into OBS (e.g. fix Leap) until this is public - do not make this bug public - Please be aware that the SUSE:SLE-12-SP4:GA codestream is available via OBS. This means that you can't submit security fixes for embargoed issues to SLE 12 SP4 GA until they become public. In doubt please talk to us on IRC (#security) or sent us a mail. CRD: 2018-08-14
is public CVE-2018-10858.html =========================================================== == Subject: Insufficient input validation on client directory == listing in libsmbclient. == == CVE ID#: CVE-2018-10858 == == Versions: Samba 3.2.0 - 4.8.3 (inclusive) == == Summary: A malicious server could return a directory entry == that could corrupt libsmbclient memory. == =========================================================== =========== Description =========== Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in libsmbclient that could allow a malicious server to overwrite client heap memory by returning an extra long filename in a directory listing. ================== Patch Availability ================== Patches addressing this issue have been posted to: http://www.samba.org/samba/security/ Samba versions 4.6.16, 4.7.9 and 4.8.4 have been released with fixes for this issue. ========== Workaround ========== None ======= Credits ======= This vulnerability was found by Svyatoslav Phirsov and was fixed by Jeremy Allison of Google and the Samba team.
SUSE-SU-2018:2318-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1095048,1095056,1095057,1103411,1103414 CVE References: CVE-2018-10858,CVE-2018-10918,CVE-2018-10919,CVE-2018-1139,CVE-2018-1140 Sources used: SUSE Linux Enterprise Module for Basesystem 15 (src): samba-4.7.8+git.86.94b6d10f7dd-4.15.1 SUSE Linux Enterprise High Availability 15 (src): samba-4.7.8+git.86.94b6d10f7dd-4.15.1
SUSE-SU-2018:2319-1: An update that solves one vulnerability and has three fixes is now available. Category: security (important) Bug References: 1067700,1068059,1087303,1103411 CVE References: CVE-2018-10858 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): samba-4.6.14+git.157.c2d53c2b191-3.29.1 SUSE Linux Enterprise Server 12-SP3 (src): samba-4.6.14+git.157.c2d53c2b191-3.29.1 SUSE Linux Enterprise High Availability 12-SP3 (src): samba-4.6.14+git.157.c2d53c2b191-3.29.1 SUSE Linux Enterprise Desktop 12-SP3 (src): samba-4.6.14+git.157.c2d53c2b191-3.29.1 SUSE Enterprise Storage 5 (src): samba-4.6.14+git.157.c2d53c2b191-3.29.1
SUSE-SU-2018:2320-1: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1054849,1103411 CVE References: CVE-2018-10858 Sources used: SUSE OpenStack Cloud 7 (src): samba-4.4.2-38.20.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): samba-4.4.2-38.20.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): samba-4.4.2-38.20.1 SUSE Linux Enterprise High Availability 12-SP2 (src): samba-4.4.2-38.20.1 SUSE Enterprise Storage 4 (src): samba-4.4.2-38.20.1
SUSE-SU-2018:2321-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1027593,1060427,1063008,1081741,1103411 CVE References: CVE-2017-14746,CVE-2017-15275,CVE-2018-1050,CVE-2018-10858 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): samba-4.2.4-18.49.1 SUSE Linux Enterprise High Availability 12 (src): samba-4.2.4-18.49.1
SUSE-SU-2018:2329-1: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1079449,1103411 CVE References: CVE-2018-10858 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): samba-3.6.3-94.14.2 SUSE Linux Enterprise Server 11-SP4 (src): samba-3.6.3-94.14.2, samba-doc-3.6.3-94.14.2 SUSE Linux Enterprise Server 11-SP3-LTSS (src): samba-3.6.3-94.14.2, samba-doc-3.6.3-94.14.2 SUSE Linux Enterprise Point of Sale 11-SP3 (src): samba-3.6.3-94.14.2, samba-doc-3.6.3-94.14.2 SUSE Linux Enterprise Debuginfo 11-SP4 (src): samba-3.6.3-94.14.2 SUSE Linux Enterprise Debuginfo 11-SP3 (src): samba-3.6.3-94.14.2
SUSE-SU-2018:2339-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1081741,1103411 CVE References: CVE-2018-1050,CVE-2018-10858 Sources used: SUSE OpenStack Cloud 7 (src): samba-4.2.4-28.29.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): samba-4.2.4-28.29.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): samba-4.2.4-28.29.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): samba-4.2.4-28.29.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): samba-4.2.4-28.29.1 SUSE Linux Enterprise High Availability 12-SP1 (src): samba-4.2.4-28.29.1 SUSE Enterprise Storage 4 (src): samba-4.2.4-28.29.1
openSUSE-SU-2018:2396-1: An update that solves one vulnerability and has three fixes is now available. Category: security (important) Bug References: 1067700,1068059,1087303,1103411 CVE References: CVE-2018-10858 Sources used: openSUSE Leap 42.3 (src): samba-4.6.14+git.157.c2d53c2b191-18.1
openSUSE-SU-2018:2400-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1095048,1095056,1095057,1103411,1103414 CVE References: CVE-2018-10858,CVE-2018-10918,CVE-2018-10919,CVE-2018-1139,CVE-2018-1140 Sources used: openSUSE Leap 15.0 (src): samba-4.7.8+git.86.94b6d10f7dd-lp150.3.6.1
shipped
SUSE-SU-2018:2339-2: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1081741,1103411 CVE References: CVE-2018-1050,CVE-2018-10858 Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): samba-4.2.4-28.29.1
SUSE-SU-2018:2320-2: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1054849,1103411 CVE References: CVE-2018-10858 Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): samba-4.4.2-38.20.1