CVE-2018-1050
samba - security update
CVSS 3.1 score: 4.3 (MEDIUM)
EPSS: 19.7%
Description
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
How to fix CVE-2018-1050
To remediate CVE-2018-1050, upgrade the affected package to a fixed version below.
- upgrade to 4.7.6-r0 or later
- upgrade to 2:4.7.4+dfsg-2 or later
- upgrade to 2:3.6.6-6+deb7u16 or later
- upgrade to 2:4.5.12+dfsg-2+deb9u2 or later
Is CVE-2018-1050 being exploited?
Moderate — EPSS is 19.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 4.7.6-r0
- from 0, < 2:4.7.4+dfsg-2
- from 0, < 2:3.6.6-6+deb7u16
- from 0, < 2:4.5.12+dfsg-2+deb9u2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |