The Samba-Bugzilla – Attachment 14674 Details for
Bug 13674
[SECURITY] CVE-2018-16851 NULL pointer de-reference in Samba AD DC LDAP server
updated advisory with CVE number
BUG-13674.txt (text/plain), 1.98 KB, created by
Karolin Seeger
on 2018-11-21 11:52:54 UTC
>===========================================================
>== Subject:     NULL pointer de-reference in Samba AD DC LDAP server
>==
>== CVE ID#:     CVE-2018-16851
>==
>== Versions:    All versions of Samba from 4.0.0 onwards.
>==
>== Summary:     A user able to read more than 256MB of LDAP entries
>                can crash the Samba AD DC's LDAP server.
>===========================================================
>
>===========
>Description
>===========
>
>During the processing of an LDAP search before Samba's AD DC returns
>the LDAP entries to the client, the entries are cached in a single
>memory object with a maximum size of 256MB. When this size is
>reached, the Samba process providing the LDAP service will follow the
>NULL pointer, terminating the process.
>
>There is no further vulnerability associated with this issue, merely a
>denial of service.
>
>==================
>Patch Availability
>==================
>
>Patches addressing both these issues have been posted to:
>
>    http://www.samba.org/samba/security/
>
>Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued
>as security releases to correct the defect. Samba administrators are
>advised to upgrade to these releases or apply the patch as soon
>as possible.
>
>==================
>CVSSv3 calculation
>==================
>
>CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
>
>=========================
>Workaround and mitigation
>=========================
>
>When Samba 4.7 (or later) is started in the default 'standard' process
>model only the process used for the connection back to the attacker's
>client crashes.
>
>By default anonymous access is only available to the rootDSE (server
>metadata), so only authenticated users can read large volumes of data.
>
>=======
>Credits
>=======
>
>Originally reported by Garming Sam of the Samba Team and Catalyst
>
>Patches provided by Garming Sam of the Samba Team and Catalyst.
>
>==========================================================
>== Our Code, Our Bugs, Our Responsibility.
>== The Samba Team
>==========================================================
>
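The failure class the advisory describes (a result cache that grows inside one size-capped memory object, where the failed growth is then dereferenced) can be shown with a checked append. This is an added illustration, not Samba's code or its patch; `cache_append`, `capped_realloc`, `cache_fill` and the 64-byte cap are assumptions standing in for the 256MB limit.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed cap; stands in for the advisory's 256MB single-object limit. */
#define CACHE_MAX 64u
enum { CACHE_OK = 0, CACHE_TOO_BIG = -1 };

struct cache { uint8_t *buf; size_t len; };

/* Hypothetical allocator that refuses to grow one object past CACHE_MAX. */
static void *capped_realloc(void *p, size_t n) { return n > CACHE_MAX ? NULL : realloc(p, n); }

/* Append one entry. Every failure path returns before the buffer is touched,
 * so the data cached so far stays valid and the caller can fail the search. */
int cache_append(struct cache *c, const void *entry, size_t n)
{
    if (n == 0) return CACHE_OK;
    if (n > SIZE_MAX - c->len) return CACHE_TOO_BIG;  /* length would wrap */
    uint8_t *grown = capped_realloc(c->buf, c->len + n);
    if (grown == NULL) return CACHE_TOO_BIG;  /* without this check, memcpy writes via NULL */
    memcpy(grown + c->len, entry, n);
    c->buf = grown;
    c->len += n;
    return CACHE_OK;
}

/* Cache up to `count` constructed entries of `size` bytes (at most 32 each);
 * returns how many fit before the cap stopped growth. */
size_t cache_fill(struct cache *c, size_t count, size_t size)
{
    uint8_t entry[32];
    size_t stored = 0;
    memset(entry, 'A', sizeof entry);
    if (size > sizeof entry) size = sizeof entry;
    while (stored < count && cache_append(c, entry, size) == CACHE_OK)
        stored++;
    return stored;
}

int main(void)
{
    struct cache c = { NULL, 0 };
    size_t n = cache_fill(&c, 10, 16);  /* four 16-byte entries fit under the cap */
    free(c.buf);
    return n == 4 ? 0 : 1;
}
```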