The Samba-Bugzilla – Attachment 14278 Details for Bug 13374
[SECURITY] CVE-2018-1140 ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes
Updated CVE text
CVE-2018-1140.txt (text/plain), 1.88 KB, created by Andrew Bartlett on 2018-07-05 04:38:58 UTC
>====================================================================
>== Subject:     Denial of Service Attack on DNS and LDAP server
>==
>== CVE ID#:     CVE-2018-1140
>==
>== Versions:    All versions of Samba from 4.8.0 onwards.
>==
>== Summary:     Missing null pointer checks may crash the Samba AD
>==              DC, both over DNS and LDAP
>==
>====================================================================
>
>===========
>Description
>===========
>
>All versions of Samba from 4.8.0 onwards are vulnerable to a denial of
>service attack when Samba is an Active Directory Domain Controller.
>
>Missing input sanitization checks on some of the input parameters to
>LDB database layer cause the LDAP server and DNS server to crash when
>following a NULL pointer.
>
>There is no further vulnerability associated with this error, merely a
>denial of service.
>
>==================
>Patch Availability
>==================
>
>A patch addressing this defect has been posted to
>
>  http://www.samba.org/samba/security/
>
>Additionally, Samba 4.8.4, LDB 1.4.1 and 1.3.5 have been issued as a
>security release to correct the defect. Patches against older Samba
>versions are available at http://samba.org/samba/patches/. Samba
>vendors and administrators running affected versions are advised to
>upgrade or apply the patch as soon as possible.
>
>==========
>Workaround
>==========
>
>No workaround is possible while acting as a Samba AD DC.
>
>Disabling the 'dns' and 'ldap' services in the smb.conf (eg 'server
>services = -dns -ldap') would remove essential elements in the AD DC.
>
>The use of BIND9_DLZ (loading a DLZ .so for LDB database access into
>the BIND 9 DNS server) is subject to the same issue.
>
>=======
>Credits
>=======
>
>The initial bugs were found by Laurent Debomy (DNS) and Andrej
>Gessel (LDB). Kai Blin of the Samba Team, Garming Sam, Douglas
>Bagnall and Andrew Bartlett of Catalyst and the Samba Team did the
>investigation and provided the final fix.
Flags: dbagnall: review+