Date: Tue, 14 Aug 2018 13:37:35 +0000 (UTC) From: "Timur I. Bakeyev" <timur@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r477152 - head/security/vuxml Message-ID: <201808141337.w7EDbZiu092000@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: timur Date: Tue Aug 14 13:37:34 2018 New Revision: 477152 URL: https://svnweb.freebsd.org/changeset/ports/477152 Log: Add an entry about multiple Samba vulnerabilities: * CVE-2018-1139 (Weak authentication protocol allowed.) * CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.) * CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.) * CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.) * CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP server.) Security: CVE-2018-1139 CVE-2018-1140 CVE-2018-10858 CVE-2018-10918 CVE-2018-10919 Sponsored by: iXsystems Inc. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Aug 14 13:33:20 2018 (r477151) +++ head/security/vuxml/vuln.xml Tue Aug 14 13:37:34 2018 (r477152) @@ -58,6 +58,74 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="c4e9a427-9fc2-11e8-802a-000c29a1e3ec"> + <topic>samba -- multiple vulnerabilities</topic> + <affects> + <package> + <name>samba46</name> + <range><lt>4.6.16</lt></range> + </package> + <package> + <name>samba47</name> + <range><lt>4.7.9</lt></range> + </package> + <package> + <name>samba48</name> + <range><lt>4.8.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The samba project reports:</p> + <blockquote cite="https://www.samba.org/samba/security/CVE-2018-1139.html">; + <p>Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which + allows authentication using NTLMv1 over an SMB1 transport (either + directory or via NETLOGON SamLogon calls from a member server), even + when NTLMv1 is explicitly disabled on the server.</p> + </blockquote> + <blockquote cite="https://www.samba.org/samba/security/CVE-2018-1140.html">; + <p>Missing input sanitization checks on some of the input parameters to + LDB database layer cause the LDAP server and DNS server to crash when + following a NULL pointer.</p> + </blockquote> + <blockquote cite="https://www.samba.org/samba/security/CVE-2018-10858.html">; + <p>Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in + libsmbclient that could allow a malicious server to overwrite + client heap memory by returning an extra long filename in a directory + listing.</p> + </blockquote> + <blockquote cite="https://www.samba.org/samba/security/CVE-2018-10918.html">; + <p>Missing database output checks on the returned directory attributes + from the LDB database layer cause the DsCrackNames call in the DRSUAPI + server to crash when following a NULL pointer.</p> + </blockquote> + <blockquote cite="https://www.samba.org/samba/security/CVE-2018-10919.html">; + <p>All versions of the Samba Active Directory LDAP server from 4.0.0 + onwards are vulnerable to the disclosure of confidential attribute + values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL + (0x80) searchFlags bit and where an explicit Access Control Entry has + been specified on the ntSecurityDescriptor.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.samba.org/samba/security/CVE-2018-1139.html</url>; + <cvename>CVE-2018-1139</cvename> + <url>https://www.samba.org/samba/security/CVE-2018-1140.html</url>; + <cvename>CVE-2018-1140</cvename> + <url>https://www.samba.org/samba/security/CVE-2018-10858.html</url>; + <cvename>CVE-2018-10858</cvename> + <url>https://www.samba.org/samba/security/CVE-2018-10918.html</url>; + <cvename>CVE-2018-10918</cvename> + <url>https://www.samba.org/samba/security/CVE-2018-10919.html</url>; + <cvename>CVE-2018-10919</cvename> + </references> + <dates> + <discovery>2018-08-14</discovery> + <entry>2018-08-14</entry> + </dates> + </vuln> + <vuln vid="e714b7d2-39f6-4992-9f48-e6b2f5f949df"> <topic>GraphicsMagick -- SVG/Rendering vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808141337.w7EDbZiu092000>