CVE-2018-10858

CVE-2018-10858

Name

CVE-2018-10858

Description

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.samba.org/samba/security/CVE-2018-10858.html
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858
Third Party Advisory	https://www.debian.org/security/2018/dsa-4271
Third Party Advisory	https://usn.ubuntu.com/3738-1/
Third Party Advisory	https://security.netapp.com/advisory/ntap-20180814-0001/
Third Party Advisory	http://www.securityfocus.com/bid/105085
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:2613
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:2612
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3056
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3470
Third Party Advisory	http://www.securitytracker.com/id/1042002
CONFIRM	https://kc.mcafee.com/corporate/index?page=content&id=SB10284
GENTOO	https://security.gentoo.org/glsa/202003-52

Type

URI

Vendor Advisory

https://www.samba.org/samba/security/CVE-2018-10858.html

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858

Third Party Advisory

https://www.debian.org/security/2018/dsa-4271

Third Party Advisory

https://usn.ubuntu.com/3738-1/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20180814-0001/

Third Party Advisory

http://www.securityfocus.com/bid/105085

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2613

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2612

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3056

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3470

Third Party Advisory

http://www.securitytracker.com/id/1042002

CONFIRM

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

GENTOO

https://security.gentoo.org/glsa/202003-52

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:debian:debian_linux:9.0:::::::*`	debian_linux	== None	== 9.0

CPE URI

Source package

Min version

Max version

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

debian_linux

== None

== 9.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
samba	edge-main	4.8.4-r0	None	fixed
samba	3.22-main	4.8.4-r0	None	fixed
samba	3.21-main	4.8.4-r0	None	fixed
samba	3.20-main	4.8.4-r0	None	fixed
samba	3.19-main	4.8.4-r0	None	fixed
samba	3.18-main	4.8.4-r0	None	fixed
samba	3.17-main	4.8.4-r0	None	fixed
samba	3.12-main	4.8.4-r0	None	fixed
samba	3.11-main	4.8.4-r0	None	fixed
samba	3.10-main	4.8.4-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

samba

edge-main

4.8.4-r0

None

fixed

samba

3.22-main