USN-3738-1

Advisory lineage Upstream: 8 Downstream: 0

Upstream

CVE-2018-10858 CVE-2018-10918 CVE-2018-10919 CVE-2018-1139 UBUNTU-CVE-2018-10858 UBUNTU-CVE-2018-10918

Published: 14 Aug 2018, 17:02

Last modified:22 Apr 2026, 09:47

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Aug 2018, 17:02

Published

Vulnerability first disclosed

22 Apr 2026, 09:47

Last Modified

Vulnerability information updated

Description

samba vulnerabilities Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-10858) Volker Mauel discovered that Samba incorrectly handled database output. When used as an Active Directory Domain Controller, a remote authenticated attacker could use this issue to cause Samba to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10918) Phillip Kuhrt discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information. (CVE-2018-10919) Vivek Das discovered that Samba incorrectly handled NTLMv1 being explicitly disabled on the server. A remote user could possibly be authenticated using NTLMv1, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-1139)

Affected Systems

ubuntu•samba
< 2:4.3.11+dfsg-0ubuntu0.14.04.16 | < 2:4.3.11+dfsg-0ubuntu0.16.04.15 | < 2:4.7.6+dfsg~ubuntu-0ubuntu2.2

USN-3738-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)