CVE-2018-1140 — Improper Input Validation in Samba

CWE-20 — Improper Input Validation8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

14.5%

top 5.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba THE Samba Team Samba

Timeline

PublishedAug 22

Latest updateMay 13

Description

A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDsamba/samba4.8.0 — 4.8.4

▶Debiansamba/samba< 2:4.8.4+dfsg-1+3

▶CVEListV5the_samba_team/samba4.8.0 and newer

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.samba.org ↗Patch: www.samba.org ↗

🔴Vulnerability Details

GHSA

GHSA-7rxg-m3xw-pq9p: A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server↗2022-05-13

▶

CVEList

CVE-2018-1140: A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server↗2018-08-22

▶

OSV

CVE-2018-1140: A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server↗2018-08-22

▶

📋Vendor Advisories

Red Hat

libldb: LDAP server crash via distinguishedName↗2018-08-16

▶

Debian

CVE-2018-1140: samba - A missing input sanitization flaw was found in the implementation of LDP databas...↗2018

▶

💬Community

Bugzilla

CVE-2018-1140 libldb: samba: LDAP server crash via distinguishedName [fedora-all]↗2018-08-17

▶

Bugzilla

CVE-2018-1140 libldb: LDAP server crash via distinguishedName↗2018-05-21

▶