Synology-SA-18:47 Samba

Publish Time: 2018-08-16 16:36:23 UTC+8

Last Updated: 2019-12-24 14:13:51 UTC+8

Severity: Important

Status: Resolved

Abstract

CVE-2018-10858 allows man-in-the-middle attackers to execute arbitrary code via a susceptible version of Active Backup for Server.

CVE-2018-10919 allows remote authenticated users to obtain sensitive information via a susceptible version of Active Directory Server.

Synology DiskStation Manager (DSM), Synology Router Manager (SRM), and Directory Server are not affected by CVE-2018-1139, CVE-2018-1140, or CVE-2018-10918, as these vulnerabilities only affect Samba 4.7 or above.

Affected Products

| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 6.2 | Not affected | N/A |
| DSM 6.1 | Not affected | N/A |
| DSM 5.2 | Not affected | N/A |
| SkyNAS | Not affected | N/A |
| SRM 1.1 | Not affected | N/A |
| VS960HD | Not affected | N/A |
| Directory Server | Not affected | N/A |
| Active Directory Server | Moderate | Upgrade to 6.2.2-24922 or above. |
| Active Backup for Server | Important | Upgrade to 6.2.2-24922 or above. |

Mitigation

None

Detail

  • CVE-2018-1139

    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • A flaw was found in the way Samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the Samba server and client.
  • CVE-2018-1140

    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • A missing input sanitization flaw was found in the implementation of the LDB database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a Samba server used as an Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable.
  • CVE-2018-10858

    • Severity: Important
    • CVSS3 Base Score: 7.5
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C
    • A heap-buffer overflow was found in the way Samba clients processed an extra-long filename in a directory listing. A malicious Samba server could use this flaw to cause arbitrary code execution on a Samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
  • CVE-2018-10918

    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • A null pointer dereference flaw was found in the way Samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a Samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.
  • CVE-2018-10919

    • Severity: Moderate
    • CVSS3 Base Score: 4.3
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    • The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Revision

| Revision | Date | Description |
|---|---|---|
| 1 | 2018-08-16 | Initial public release. |
| 2 | 2018-08-24 | Updated Detail. |
| 3 | 2019-04-29 | Updates for Active Directory Server and Active Backup for Server are now available in Affected Products. |