6.5

CVE-2018-10918

A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
SambaSamba Version >= 4.7.0 < 4.7.9
SambaSamba Version >= 4.8.0 < 4.8.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.55% 0.83
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
secalert@redhat.com 5.2 1.5 3.6
CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20180814-0001/
Third Party Advisory
https://usn.ubuntu.com/3738-1/
Third Party Advisory
http://www.securityfocus.com/bid/105083
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10918
Third Party Advisory
Issue Tracking
https://www.samba.org/samba/security/CVE-2018-10918.html
Patch
Vendor Advisory