CVE-2018-1140

Description

A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable

CVSS Metrics

• v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
• v2.0•LOW•Score: 3.3AV:A/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 14.43%• Percentile: 95%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• samba•samba

  ≥ 4.8.0, < 4.8.4

• the samba team•samba

  4.8.0 and newer

References (6)

• https://bugzilla.samba.org/show_bug.cgi?id=13374
• https://www.samba.org/samba/security/CVE-2018-1140.html
• https://security.netapp.com/advisory/ntap-20180814-0001/
• http://www.securityfocus.com/bid/105082
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1140
• https://security.gentoo.org/glsa/202003-52