Bug 1612805 (CVE-2018-10858)

Summary: CVE-2018-10858 samba: Insufficient input validation in libsmbclient
Product: [Other] Security Response Reporter: Siddharth Sharma <sisharma>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abokovoy, anoopcs, asn, bmcclain, dblechte, dfediuck, eedri, gdeschner, jarrpa, jstephen, lmohanty, madam, mgoldboi, michal.skrivanek, rhs-smb, sankarshan, sbonazzo, sbose, security-response-team, sherold, sisharma, ssaha, ssorce, vbellur
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: samba 4.6.16, samba 4.7.9, samba 4.8.4 Doc Type: If docs needed, set a value
Doc Text:
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:35:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1612809, 1614269, 1617912, 1618565, 1618697    
Bug Blocks: 1610646    

Description Siddharth Sharma 2018-08-06 10:34:45 UTC 
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in libsmbclient that could allow a malicious server to overwrite client heap memory by returning an extra long filename in a directory listing.
Comment 4 Sam Fowler 2018-08-16 03:43:37 UTC 
External Reference:

https://www.samba.org/samba/security/CVE-2018-10858.html
Comment 7 Siddharth Sharma 2018-08-17 11:08:28 UTC 
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1618697]
Comment 8 errata-xmlrpc 2018-09-04 06:29:37 UTC 
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 7

Via RHSA-2018:2613 https://access.redhat.com/errata/RHSA-2018:2613
Comment 9 errata-xmlrpc 2018-09-04 06:31:57 UTC 
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 6

Via RHSA-2018:2612 https://access.redhat.com/errata/RHSA-2018:2612
Comment 10 errata-xmlrpc 2018-10-30 07:26:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3056 https://access.redhat.com/errata/RHSA-2018:3056
Comment 11 errata-xmlrpc 2018-11-05 14:57:55 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2018:3470 https://access.redhat.com/errata/RHSA-2018:3470