CVE-2018-1050

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name	Vendor	Start Version	End Version
Ubuntu_linux	Canonical	12.04 (including)	12.04 (including)
Ubuntu_linux	Canonical	14.04 (including)	14.04 (including)
Ubuntu_linux	Canonical	16.04 (including)	16.04 (including)
Ubuntu_linux	Canonical	17.10 (including)	17.10 (including)

Potential Mitigations

References

http://www.securityfocus.com/bid/103387
http://www.securitytracker.com/id/1040493
https://access.redhat.com/errata/RHSA-2018:1860
https://access.redhat.com/errata/RHSA-2018:1883
https://access.redhat.com/errata/RHSA-2018:2612
https://access.redhat.com/errata/RHSA-2018:2613
https://access.redhat.com/errata/RHSA-2018:3056
https://bugzilla.redhat.com/show_bug.cgi?id=1538771
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
https://security.gentoo.org/glsa/201805-07
https://security.netapp.com/advisory/ntap-20180313-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03834en_us
https://usn.ubuntu.com/3595-1/
https://usn.ubuntu.com/3595-2/
https://www.debian.org/security/2018/dsa-4135
https://www.samba.org/samba/security/CVE-2018-1050.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-1050
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References