<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba - Security Announcement Archive</title>
<H2>CVE-2018-10858.html:</H2>
===========================================================
== Subject: Insufficient input validation on client directory
== listing in libsmbclient.
== CVE ID#: CVE-2018-10858
== Versions: Samba 3.2.0 - 4.8.3 (inclusive)
== Summary: A malicious server could return a directory entry
== that could corrupt libsmbclient memory.
===========================================================
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server to overwrite
client heap memory by returning an extra long filename in a directory

Patches addressing this issue have been posted to:
http://www.samba.org/samba/security/

Samba versions 4.6.16, 4.7.9 and 4.8.4 have been released with fixes for

This vulnerability was found by Svyatoslav Phirsov and was fixed
by Jeremy Allison of Google and the Samba team.
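
The input validation this class of bug calls for, shown as an added example that is not Samba's or libsmbclient's code: a client copies server-supplied names from a directory listing only after checking each length against both the reply and the destination field. The wire layout (u16 length followed by the name), `struct entry`, `parse_listing`, the return codes and the 255-byte limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_LEN 255          /* capacity of the client-side name field */

struct entry {                    /* hypothetical record, not libsmbclient's */
    char name[NAME_MAX_LEN + 1];
};

enum { LIST_OK = 0, LIST_TRUNCATED = -1, LIST_NAME_TOO_LONG = -2, LIST_TOO_MANY = -3 };

/*
 * Parse a constructed listing format: repeated [u16 little-endian length][name bytes].
 * Every length comes from the server and is checked twice: against the bytes
 * actually left in the reply (over-read) and against the destination field
 * (overflow). On success *count holds the number of entries stored in out[].
 */
int parse_listing(const uint8_t *buf, size_t buflen,
                  struct entry *out, size_t out_cap, size_t *count)
{
    size_t off = 0, n = 0;

    while (off < buflen) {
        if (buflen - off < 2)
            return LIST_TRUNCATED;          /* no room for a length field */
        size_t len = (size_t)buf[off] | ((size_t)buf[off + 1] << 8);
        off += 2;

        if (len > buflen - off)
            return LIST_TRUNCATED;          /* claims more than was sent */
        if (len > NAME_MAX_LEN)
            return LIST_NAME_TOO_LONG;      /* would overrun out[n].name */
        if (n == out_cap)
            return LIST_TOO_MANY;           /* caller's array is full */

        memcpy(out[n].name, buf + off, len);
        out[n].name[len] = '\0';
        off += len;
        n++;
    }
    *count = n;
    return LIST_OK;
}
```

The parser rejects an oversized name instead of truncating it, so a caller never sees a name that differs from what the server sent.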