QwikSec

Security Database

CVE

CWE

Training

CVE-2018-10918

Published: Aug 22, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

5.2

MEDIUM

Description

A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.

Vendor	Product	Versions
The Samba Team	samba	affected `4.7.9` affected `4.8.4`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://www.samba.org/samba/security/CVE-2018-10918.html

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10918

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

https://security.netapp.com/advisory/ntap-20180814-0001/

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.