CVE-2018-1050

Impact:
Low
Public Date:
2018-03-13
CWE:
CWE-119
Bugzilla:
1538771: CVE-2018-1050 samba: NULL pointer dereference in printer server process
A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash.

Find out more about CVE-2018-1050 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 4.3
CVSS3 Base Metrics CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector Adjacent Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Gluster Storage 3.4 for RHEL 7 (samba) RHSA-2018:2613 2018-09-04
Red Hat Enterprise Linux 6 (samba4) RHSA-2018:1883 2018-06-19
Red Hat Enterprise Linux 6 (samba) RHSA-2018:1860 2018-06-19
Red Hat Gluster Storage 3.4 for RHEL 6 (samba) RHSA-2018:2612 2018-09-04
Red Hat Enterprise Linux 7 (samba) RHSA-2018:3056 2018-10-30

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 samba Not affected
Red Hat Enterprise Linux 5 samba3x Not affected

Acknowledgements

Red Hat would like to thank the Samba project for reporting this issue.

Mitigation

Ensure the paramter:
rpc_server:spoolss = external
is not set in the [global] section of your smb.conf.

External References

Last Modified