Samba - Security Announcement Archive

CVE-2018-10858.html
===========================================================
== Subject:     Insufficient input validation on client directory
==		listing in libsmbclient.
==
== CVE ID#:     CVE-2018-10858
==
== Versions:    Samba 3.2.0 - 4.8.3 (inclusive)
==
== Summary:     A malicious server could return a directory entry
==		that could corrupt libsmbclient memory.
==
===========================================================

===========
Description
===========

Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server to overwrite
client heap memory by returning an extra long filename in a directory
listing.

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

    http://www.samba.org/samba/security/

Samba versions 4.6.16, 4.7.9 and 4.8.4 have been released with fixes for
this issue.

==========
Workaround
==========

None

=======
Credits
=======

This vulnerability was found by Svyatoslav Phirsov and was fixed
by Jeremy Allison of Google and the Samba team.