430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Samba fixed two critical vulnerabilities, update your version as soon as possible

  Maintainers at the Samba project have released new versions of the popular networking software to fix two critical vulnerabilities. Maintainers at the Samba project have released new versions of the popular open-source networking software to address two critical vulnerabilities that could be exploited by unprivileged remote attackers to launch DoS attacks against servers and […]

samba CVE-2021-44142

 

Maintainers at the Samba project have released new versions of the popular networking software to fix two critical vulnerabilities.

Maintainers at the Samba project have released new versions of the popular open-source networking software to address two critical vulnerabilities that could be exploited by unprivileged remote attackers to launch DoS attacks against servers and change any users’ passwords, including administrators ‘ones.

Samba has provided secure and fast file and print services for all clients using the SMB/CIFS protocol, it allows non-Windows operating systems, like GNU/Linux or Mac OS X, to share network shared folders, files, and printers with Windows OS.

The maintainers of Samba have addressed the vulnerabilities with the release of the Samba versions 4.7.6, 4.6.14, 4.5.16.

The first DoS vulnerability tracked as CVE-2018-1050 could be exploited “when the RPC spoolss service is configured to be run as an external daemon.”

The vulnerability is caused by the lack of input sanitizations checks on some parameters and affects all versions of Samba from 4.0.0 onwards.

“Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. If the RPC spoolss service is left by default as an internal service, all a client can do is crash its own authenticated connection.” reads the security advisory.

samba critical vulnerabilities

A second flaw, tracked CVE-2018-1057, could be exploited by unprivileged authenticated users to change any other users’ passwords, including admin users, over LDAP. Samba doesn’t properly validate permissions of users when they request to modify passwords over LDAP.

The flaw only impacts on the Samba Active Directory DC, all versions of Samba’s AD DC and pre-release versions since Samba 4.0.0alpha13 are affected by this vulnerability.

Administrators need to update vulnerable servers immediately; further details have been published on the “Samba Security Releases” page.

 

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Samba critical vulnerabilities, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]