
Sid 1-46278

Message

SERVER-SAMBA Samba spoolss denial of service attempt

Summary

This event is generated when an attacker attempts to exploit a denial of service vulnerability present in the Samba spoolss service.

Impact

Detection of a Denial of Service Attack

CVE-2018-1050:

CVSS base score

CVSS impact score

CVSS exploitability score

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed information

The rule checks for an attempt to trigger a denial of service vulnerability present in the Samba spoolss service. CVE-2018-1050: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

Affected systems

Ease of attack

Medium

False positives

Not known

False negatives

Not known

Corrective action

https://www.samba.org/samba/security/CVE-2018-1050.html

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • samba.org/samba/security/CVE-2018-1050.html