CVE Vulnerabilities

CVE-2018-1050

NULL Pointer Dereference

Published: Mar 13, 2018 | Modified: Nov 21, 2024
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS 2.x
3.3 LOW
AV:A/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
4.3 LOW
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Ubuntu_linux Canonical 12.04 (including) 12.04 (including)
Ubuntu_linux Canonical 14.04 (including) 14.04 (including)
Ubuntu_linux Canonical 16.04 (including) 16.04 (including)
Ubuntu_linux Canonical 17.10 (including) 17.10 (including)
Red Hat Enterprise Linux 6 RedHat samba-0:3.6.23-51.el6 *
Red Hat Enterprise Linux 6 RedHat samba4-0:4.2.10-15.el6 *
Red Hat Enterprise Linux 7 RedHat samba-0:4.8.3-4.el7 *
Red Hat Gluster Storage 3.4 for RHEL 6 RedHat libtalloc-0:2.1.11-1.el6rhs *
Red Hat Gluster Storage 3.4 for RHEL 6 RedHat libtdb-0:1.3.15-4.el6rhs *
Red Hat Gluster Storage 3.4 for RHEL 6 RedHat libtevent-0:0.9.35-1.el6rhs *
Red Hat Gluster Storage 3.4 for RHEL 6 RedHat samba-0:4.7.5-110.el6rhs *
Red Hat Gluster Storage 3.4 for RHEL 7 RedHat libtalloc-0:2.1.11-1.el7rhgs *
Red Hat Gluster Storage 3.4 for RHEL 7 RedHat libtdb-0:1.3.15-4.el7rhgs *
Red Hat Gluster Storage 3.4 for RHEL 7 RedHat libtevent-0:0.9.35-1.el7rhgs *
Red Hat Gluster Storage 3.4 for RHEL 7 RedHat samba-0:4.7.5-110.el7rhgs *
Samba Ubuntu artful *
Samba Ubuntu devel *
Samba Ubuntu trusty *
Samba Ubuntu upstream *
Samba Ubuntu xenial *

Potential Mitigations

References