<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba - Security Announcement Archive</title>
<H2>CVE-2018-1050.html:</H2>
====================================================================
== Subject: Denial of Service Attack on external print server.
== CVE ID#: CVE-2018-1050
== Versions: All versions of Samba from 3.6.0 onwards.
== Summary: Missing null pointer checks may crash the external
== print server process.
====================================================================

All versions of Samba from 3.6.0 onwards are vulnerable to a denial of
service attack when the RPC spoolss service is configured to be run as
an external daemon. Missing input sanitization checks on some of the
input parameters to spoolss RPC calls could cause the print spooler

There is no known vulnerability associated with this error, merely a
denial of service. If the RPC spoolss service is left by default as an
internal service, all a client can do is crash its own authenticated

A patch addressing this defect has been posted to

http://www.samba.org/samba/security/

Additionally, Samba 4.7.6, 4.6.14 and 4.5.16 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.
rpc_server:spoolss = external

is not set in the [global] section of your smb.conf.
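
A check for the workaround above, as an added example that is not part of the Samba advisory: it scans smb.conf text and reports where `[global]` sets `rpc_server:spoolss = external`. The sample configuration is constructed, the case- and whitespace-insensitive matching is an assumption chosen so that variants are flagged rather than missed, and `include` directives are not followed.

```python
import re

# Constructed sample smb.conf for this example (not from the advisory).
SAMPLE_SMB_CONF = """\
[Global]
   workgroup = EXAMPLE
   ; rpc_server:spoolss = external
   RPC_Server:Spoolss = \\
        External
[printers]
   rpc_server:spoolss = external
"""

def logical_lines(text):
    """Yield (first_line_number, text), joining trailing-backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        is_comment = not buf and raw.lstrip().startswith(("#", ";"))
        if raw.rstrip().endswith("\\") and not is_comment:
            buf += raw.rstrip()[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def find_external_spoolss(text):
    """Return line numbers where [global] sets rpc_server:spoolss = external."""
    hits, section = [], None
    for n, line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        # Assumption: compare case-insensitively and ignore whitespace in the key.
        key = re.sub(r"\s+", "", key).lower()
        if (sep and section == "global" and key == "rpc_server:spoolss"
                and value.strip().lower() == "external"):
            hits.append(n)
    return hits

if __name__ == "__main__":
    for n in find_external_spoolss(SAMPLE_SMB_CONF):
        print(f"line {n}: external spoolss daemon enabled in [global]")
```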
This problem was found by the Synopsys Defensics intelligent fuzz
testing tool. Jeremy Allison of Google and the Samba Team provided