====================================================================
== Subject:     Unprivileged adding of CNAME record causing loop
==              in AD LDAP server
==
== CVE ID#:     CVE-2018-XXXX
==
== Versions:    All versions of Samba from 4.0.0 onwards.
==
== Summary:     CNAME loops can cause DNS server crashes, and CNAMEs
==              can be added by unprivileged users.
==
====================================================================

===========
Description
===========

All versions of Samba from 4.0.0 onwards are vulnerable infinite query
recursion caused by CNAME loops.  Any dns record can be added via ldap by an
unprivileged user using the ldbadd tool, so this is a security issue.

==================
Patch Availability
==================

No patch is currently availability.

==========
Workaround
==========

No workaround is possible while acting as a Samba AD DC.

Disabling the 'ldap' services in the smb.conf (eg 'server services =
-ldap) would remove essential elements in the AD DC.

=======
Credits
=======

The initial bugs were found by the Andrew Bartlett of Catalyst.
Andrew Bartlett of Catalyst and the Samba Team did the investigation
and provided the final fix.