Plugins Database As of 12-10-2019

Ubuntu Update for samba USN-4167-1

Ubuntu Local Security Checks
Impact by CVSS Score
  • ID:

CVSS Base Vector:

The remote host is missing an update for the 'samba' Linux Distribution Package(s) announced via the USN-4167-1 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. (CVE-2019-10218) Simon Fonteneau and Björn Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-14833) Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control. A remote attacker with 'get changes' permissions could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-14847)

Affected Versions:
'samba' Linux Distribution Package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

CVSS Score
2019-10-30 03:00:49
2019-10-30 10:03:24

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.