pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2018-2488/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

675 lines
36 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182488",
"Version": "oval:org.altlinux.errata:def:20182488",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2488: package `samba` update to version 4.8.6-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2488",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2488",
"Source": "ALTPU"
},
{
"RefID": "BDU:2017-01262",
"RefURL": "https://bdu.fstec.ru/vul/2017-01262",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00367",
"RefURL": "https://bdu.fstec.ru/vul/2018-00367",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00368",
"RefURL": "https://bdu.fstec.ru/vul/2018-00368",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00223",
"RefURL": "https://bdu.fstec.ru/vul/2019-00223",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00224",
"RefURL": "https://bdu.fstec.ru/vul/2019-00224",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01639",
"RefURL": "https://bdu.fstec.ru/vul/2019-01639",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00691",
"RefURL": "https://bdu.fstec.ru/vul/2020-00691",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00692",
"RefURL": "https://bdu.fstec.ru/vul/2020-00692",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00693",
"RefURL": "https://bdu.fstec.ru/vul/2020-00693",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00694",
"RefURL": "https://bdu.fstec.ru/vul/2020-00694",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01289",
"RefURL": "https://bdu.fstec.ru/vul/2021-01289",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01421",
"RefURL": "https://bdu.fstec.ru/vul/2021-01421",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01422",
"RefURL": "https://bdu.fstec.ru/vul/2021-01422",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01424",
"RefURL": "https://bdu.fstec.ru/vul/2021-01424",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01425",
"RefURL": "https://bdu.fstec.ru/vul/2021-01425",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01433",
"RefURL": "https://bdu.fstec.ru/vul/2021-01433",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01435",
"RefURL": "https://bdu.fstec.ru/vul/2021-01435",
"Source": "BDU"
},
{
"RefID": "CVE-2016-2123",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2123",
"Source": "CVE"
},
{
"RefID": "CVE-2016-2125",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2125",
"Source": "CVE"
},
{
"RefID": "CVE-2016-2126",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2126",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11103",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11103",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12150",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12150",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12151",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12151",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12163",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12163",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14746",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14746",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15275",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15275",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2619",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2619",
"Source": "CVE"
},
{
"RefID": "CVE-2017-7494",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-7494",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1050",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1050",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1057",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1057",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10858",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10858",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10918",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10918",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10919",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10919",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1139",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1139",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1140",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1140",
"Source": "CVE"
}
],
"Description": "This update upgrades samba to version 4.8.6-alt1. \nSecurity Fix(es):\n\n * BDU:2017-01262: Уязвимость сетевой файловой системы Samba, позволяющая выполнить произвольный код\n\n * BDU:2018-00367: Уязвимость пакета программ сетевого взаимодействия Samba, связанная с отсутствием проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2018-00368: Уязвимость сервера LDAP пакета программ сетевого взаимодействия Samba, позволяющая нарушителю изменять пароли других пользователей\n\n * BDU:2019-00223: Уязвимость пакета программ для сетевого взаимодействия Samba, связанная с отсутствием подписи SMB-трафика, позволяющая нарушителю реализовать атаку «человек посередине»\n\n * BDU:2019-00224: Уязвимость пакета программ для сетевого взаимодействия Samba, связанная с отсутствием требования подписи и шифрования SMB-трафика при использовании перенаправлений DFS, позволяющая нарушителю реализовать атаку «человек посередине»\n\n * BDU:2019-01639: Уязвимость программного обеспечения Samba, связанная c переполнением буфера динамической памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2020-00691: Уязвимость пакета программ для сетевого взаимодействия Samba, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00692: Уязвимость компонента Active Directory LDAP-сервера программ сетевого взаимодействия Samba, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным\n\n * BDU:2020-00693: Уязвимость компонента аутентификации NTLMv1 программ сетевого взаимодействия Samba, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным\n\n * BDU:2020-00694: Уязвимость компонента LDAP-сервера программ сетевого взаимодействия Samba, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01289: Уязвимость парсера ndr_pull_dnsp_name пакета программ сетевого взаимодействия Samba, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-01421: Уязвимость пакета программ сетевого взаимодействия Samba, связанная с одновременным выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-01422: Уязвимость реализации протокола SMB1 пакета программ сетевого взаимодействия Samba, связанная с использованием области памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-01424: Уязвимость функции _krb5_extract_ticket() пакета программ сетевого взаимодействия Samba, связанная с недостатком механизма проверки подлинности данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-01425: Уязвимость реализации протокола Kerberos пакета программ сетевого взаимодействия Samba, связанная с недостатком механизма контроля привилегий и средств управления доступом, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01433: Уязвимость реализации протокола SMB1 пакета программ сетевого взаимодействия Samba, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность\n\n * BDU:2021-01435: Уязвимость пакета программ сетевого взаимодействия Samba, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2016-2123: A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.\n\n * CVE-2016-2125: It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.\n\n * CVE-2016-2126: Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.\n\n * CVE-2017-11103: Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.\n\n * CVE-2017-12150: It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.\n\n * CVE-2017-12151: A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.\n\n * CVE-2017-12163: An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.\n\n * CVE-2017-14746: Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.\n\n * CVE-2017-15275: Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.\n\n * CVE-2017-2619: Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.\n\n * CVE-2017-7494: Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.\n\n * CVE-2018-1050: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.\n\n * CVE-2018-1057: On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).\n\n * CVE-2018-10858: A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.\n\n * CVE-2018-10918: A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.\n\n * CVE-2018-10919: The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.\n\n * CVE-2018-1139: A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.\n\n * CVE-2018-1140: A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable\n\n * #33118: [PATCH] исправление работы --without docs\n\n * #33210: samba ругается на rlimit_max",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-10-16"
},
"Updated": {
"Date": "2018-10-16"
},
"BDUs": [
{
"ID": "BDU:2017-01262",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2017-01262",
"Impact": "Critical",
"Public": "20170524"
},
{
"ID": "BDU:2018-00367",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2018-00367",
"Impact": "High",
"Public": "20180313"
},
{
"ID": "BDU:2018-00368",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-863",
"Href": "https://bdu.fstec.ru/vul/2018-00368",
"Impact": "High",
"Public": "20180313"
},
{
"ID": "BDU:2019-00223",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-300",
"Href": "https://bdu.fstec.ru/vul/2019-00223",
"Impact": "High",
"Public": "20170920"
},
{
"ID": "BDU:2019-00224",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-300",
"Href": "https://bdu.fstec.ru/vul/2019-00224",
"Impact": "High",
"Public": "20170920"
},
{
"ID": "BDU:2019-01639",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-01639",
"Impact": "High",
"Public": "20180822"
},
{
"ID": "BDU:2020-00691",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2020-00691",
"Impact": "Low",
"Public": "20180822"
},
{
"ID": "BDU:2020-00692",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2020-00692",
"Impact": "Low",
"Public": "20180822"
},
{
"ID": "BDU:2020-00693",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-522",
"Href": "https://bdu.fstec.ru/vul/2020-00693",
"Impact": "High",
"Public": "20180822"
},
{
"ID": "BDU:2020-00694",
"CVSS": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2020-00694",
"Impact": "Low",
"Public": "20180822"
},
{
"ID": "BDU:2021-01289",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2021-01289",
"Impact": "High",
"Public": "20181101"
},
{
"ID": "BDU:2021-01421",
"CVSS": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2021-01421",
"Impact": "High",
"Public": "20180312"
},
{
"ID": "BDU:2021-01422",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-01422",
"Impact": "Critical",
"Public": "20171127"
},
{
"ID": "BDU:2021-01424",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-345",
"Href": "https://bdu.fstec.ru/vul/2021-01424",
"Impact": "High",
"Public": "20170713"
},
{
"ID": "BDU:2021-01425",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2021-01425",
"Impact": "Low",
"Public": "20170511"
},
{
"ID": "BDU:2021-01433",
"CVSS": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-01433",
"Impact": "High",
"Public": "20180726"
},
{
"ID": "BDU:2021-01435",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2021-01435",
"Impact": "High",
"Public": "20171127"
}
],
"CVEs": [
{
"ID": "CVE-2016-2123",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2123",
"Impact": "High",
"Public": "20181101"
},
{
"ID": "CVE-2016-2125",
"CVSS": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2125",
"Impact": "Low",
"Public": "20181031"
},
{
"ID": "CVE-2016-2126",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2126",
"Impact": "Low",
"Public": "20170511"
},
{
"ID": "CVE-2017-11103",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-345",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11103",
"Impact": "High",
"Public": "20170713"
},
{
"ID": "CVE-2017-12150",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12150",
"Impact": "High",
"Public": "20180726"
},
{
"ID": "CVE-2017-12151",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-310",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12151",
"Impact": "High",
"Public": "20180727"
},
{
"ID": "CVE-2017-12163",
"CVSS": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12163",
"Impact": "High",
"Public": "20180726"
},
{
"ID": "CVE-2017-14746",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14746",
"Impact": "Critical",
"Public": "20171127"
},
{
"ID": "CVE-2017-15275",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15275",
"Impact": "High",
"Public": "20171127"
},
{
"ID": "CVE-2017-2619",
"CVSS": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2619",
"Impact": "High",
"Public": "20180312"
},
{
"ID": "CVE-2017-7494",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-94",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-7494",
"Impact": "Critical",
"Public": "20170530"
},
{
"ID": "CVE-2018-1050",
"CVSS": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1050",
"Impact": "Low",
"Public": "20180313"
},
{
"ID": "CVE-2018-1057",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-863",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1057",
"Impact": "High",
"Public": "20180313"
},
{
"ID": "CVE-2018-10858",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10858",
"Impact": "High",
"Public": "20180822"
},
{
"ID": "CVE-2018-10918",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10918",
"Impact": "Low",
"Public": "20180822"
},
{
"ID": "CVE-2018-10919",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10919",
"Impact": "Low",
"Public": "20180822"
},
{
"ID": "CVE-2018-1139",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-522",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1139",
"Impact": "High",
"Public": "20180822"
},
{
"ID": "CVE-2018-1140",
"CVSS": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1140",
"Impact": "Low",
"Public": "20180822"
}
],
"Bugzilla": [
{
"ID": "33118",
"Href": "https://bugzilla.altlinux.org/33118",
"Data": "[PATCH] исправление работы --without docs"
},
{
"ID": "33210",
"Href": "https://bugzilla.altlinux.org/33210",
"Data": "samba ругается на rlimit_max"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182488001",
"Comment": "ctdb is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488002",
"Comment": "ctdb-tests is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488003",
"Comment": "libnetapi is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488004",
"Comment": "libsmbclient is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488005",
"Comment": "libsmbclient-devel is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488006",
"Comment": "libwbclient is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488007",
"Comment": "libwbclient-devel is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488008",
"Comment": "python-module-samba is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488009",
"Comment": "python3-module-samba is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488010",
"Comment": "samba is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488011",
"Comment": "samba-client is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488012",
"Comment": "samba-client-libs is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488013",
"Comment": "samba-common is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488014",
"Comment": "samba-common-libs is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488015",
"Comment": "samba-common-tools is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488016",
"Comment": "samba-dc is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488017",
"Comment": "samba-dc-libs is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488018",
"Comment": "samba-devel is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488019",
"Comment": "samba-libs is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488020",
"Comment": "samba-pidl is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488021",
"Comment": "samba-test is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488022",
"Comment": "samba-vfs-cephfs is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488023",
"Comment": "samba-vfs-glusterfs is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488024",
"Comment": "samba-winbind is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488025",
"Comment": "samba-winbind-clients is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488026",
"Comment": "samba-winbind-krb5-localauth is earlier than 0:4.8.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182488027",
"Comment": "samba-winbind-krb5-locator is earlier than 0:4.8.6-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink