CVE-2018-1050
moderate-risk
Published 2018-03-13
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
Do I need to act?
22.4% chance of exploitation in next 30 days
EPSS score — higher than 78% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 4.3/10
Medium
ADJACENT_NETWORK / LOW complexity
Affected Products (14)
References (36)
Third Party Advisory
http://www.securityfocus.com/bid/103387
Third Party Advisory
http://www.securitytracker.com/id/1040493
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1860
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1883
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2612
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2613
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3056
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1538771
Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+Struxur...
Third Party Advisory
https://security.gentoo.org/glsa/201805-07
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180313-0001/
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe...
Third Party Advisory
https://usn.ubuntu.com/3595-1/
Third Party Advisory
https://usn.ubuntu.com/3595-2/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4135
and 16 more references
47 / 100
moderate-risk
Severity
15/34 · Moderate
Exploitability
14/34 · Moderate
Exposure
18/34 · Moderate