SB2018112819 - Double-free error in samba (Alpine package)
Published: November 28, 2018
Security Bulletin ID
SB2018112819
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Double-free error (CVE-ID: CVE-2018-16841)
The vulnerability allows a remote authenticated attacker to cause DoS condition.
The vulnerability exists due to Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ when configured to accept smart-card authentication. A remote attacker can trigger double-free with talloc_free() and directly calls abort() and cause the KDC process to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=3fc4f7d95608cc32f264afea7c233f8259d802cf
- https://git.alpinelinux.org/aports/commit/?id=ec384894ee4c2d2edcaf58ed9ecf41f6a5663ce5
- https://git.alpinelinux.org/aports/commit/?id=3c92c02863b4b67c4e216314fd0d93ce47b5e5f5
- https://git.alpinelinux.org/aports/commit/?id=f7ba3ea2bf6a0f6310a8526c95d88f7986735f8c
- https://git.alpinelinux.org/aports/commit/?id=bd73fabb2c22b54983d0f10ae0d7c7b441b26001
- https://git.alpinelinux.org/aports/commit/?id=5a2238501aacaf1b6c86507ac383022e1b09450e