CVE-2018-10858

Current Description

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Basic Data

PublishedAugust 22, 2018
Last ModifiedJune 26, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.5
SeverityMEDIUM
Exploitability Score8.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack VectorNETWORK
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredLOW
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactHIGH
CVSS 3 - Integrity ImpactHIGH
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score8.8
CVSS 3 - Base SeverityHIGH
Exploitability Score2.8
Base SeverityHIGH

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSDebianDebian Linux9.0*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCanonicalUbuntu Linux14.04***lts***
    2.3OSCanonicalUbuntu Linux16.04***lts***
    2.3OSCanonicalUbuntu Linux18.04***lts***
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSambaSamba********4.6.16
    2.3ApplicationSambaSamba********4.7.04.7.9
    2.3ApplicationSambaSamba********4.8.04.8.4
  • OR - Configuration 4
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRedhatVirtualization4.0*******
    2.3ApplicationRedhatVirtualization Host4.0*******
    2.3OSRedhatEnterprise Linux Desktop7.0*******
    2.3OSRedhatEnterprise Linux Server7.0*******
    2.3OSRedhatEnterprise Linux Workstation7.0*******

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04, 16.04, 18.04
Redhat Enterprise Linux Workstation 7.0
Redhat Virtualization Host 4.0
Redhat Enterprise Linux Desktop 7.0
Redhat Virtualization 4.0
Redhat Enterprise Linux Server 7.0
Samba Samba *

References

NameSourceURLTags
105085http://www.securityfocus.com/bid/105085BIDThird Party Advisory VDB Entry
1042002http://www.securitytracker.com/id/1042002SECTRACKThird Party Advisory VDB Entry
RHSA-2018:2612https://access.redhat.com/errata/RHSA-2018:2612REDHATThird Party Advisory
RHSA-2018:2613https://access.redhat.com/errata/RHSA-2018:2613REDHATThird Party Advisory
RHSA-2018:3056https://access.redhat.com/errata/RHSA-2018:3056REDHATThird Party Advisory
RHSA-2018:3470https://access.redhat.com/errata/RHSA-2018:3470REDHATThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858CONFIRMIssue Tracking Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10284https://kc.mcafee.com/corporate/index?page=content&id=SB10284CONFIRM
GLSA-202003-52https://security.gentoo.org/glsa/202003-52GENTOO
https://security.netapp.com/advisory/ntap-20180814-0001/https://security.netapp.com/advisory/ntap-20180814-0001/CONFIRMThird Party Advisory
USN-3738-1https://usn.ubuntu.com/3738-1/UBUNTUThird Party Advisory
DSA-4271https://www.debian.org/security/2018/dsa-4271DEBIANThird Party Advisory
https://www.samba.org/samba/security/CVE-2018-10858.htmlhttps://www.samba.org/samba/security/CVE-2018-10858.htmlCONFIRMVendor Advisory