The Samba-Bugzilla – Attachment 14401 Details for
Bug 13552
[SECURITY] [CVE-2018-10918] - DsCrackNames on a user without an SPN can trigger NULL-pointer de-reference
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
CVE text updated with CVE number.
CVE-2018-10918.txt (text/plain), 1.63 KB, created by
Jeremy Allison
on 2018-08-07 23:45:21 UTC
(
hide
)
Description:
CVE text updated with CVE number.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2018-08-07 23:45:21 UTC
Size:
1.63 KB
patch
obsolete
>==================================================================== >== Subject: Denial of Service Attack on AD DC DRSUAPI server >== >== CVE ID#: CVE-2018-10918 >== >== Versions: All versions of Samba from 4.7.0 onwards. >== >== Summary: Missing null pointer checks may crash the Samba AD >== DC, over the authenticated DRSUAPI RPC service. >== >==================================================================== > >=========== >Description >=========== > >All versions of Samba from 4.7.0 onwards are vulnerable to a denial of >service attack which can crash the "samba" process when Samba is an >Active Directory Domain Controller. > >Missing database output checks on the returned directory attributes >from the LDB database layer cause the DsCrackNames call in the DRSUAPI >server to crash when following a NULL pointer. > >This call is only available after authentication. > >There is no further vulnerability associated with this error, merely a >denial of service. > >================== >Patch Availability >================== > >A patch addressing this defect has been posted to > > http://www.samba.org/samba/security/ > >Additionally, Samba 4.8.4 and Samba 4.7.9 have been issued as a >security release to correct the defect. Patches against older Samba >versions are available at http://samba.org/samba/patches/. Samba >vendors and administrators running affected versions are advised to >upgrade or apply the patch as soon as possible. > >========== >Workaround >========== > >No workaround is possible while acting as a Samba AD DC. > >======= >Credits >======= > >The issue was reported by Volker Mauel. Andrew Bartlett of Catalyst >and the Samba Team provided the test and patches.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14401">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
gary
:
review+
abartlet
:
review+
Actions:
View
Attachments on
bug 13552
:
14359
|
14360
|
14361
|
14362
| 14401