The Samba-Bugzilla – Attachment 15226 Details for
Bug 13951
CVE-2019-12436 [SECURITY] paged_searches crash on LDAP and [homes] access
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
WIP advisory
vlv_paged_search_security_advisory.txt (text/plain), 1.97 KB, created by
Andrew Bartlett
on 2019-06-06 15:02:31 UTC
(
hide
)
Description:
WIP advisory
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2019-06-06 15:02:31 UTC
Size:
1.97 KB
patch
obsolete
>=========================================================== >== Subject: Samba AD DC LDAP server crash (VLV and paged searches) >== >== CVE ID#: >== >== Versions: All versions of Samba since Samba 4.5.0 >== >== Summary: A user with read access to the directory can > cause a NULL pointer dereference using either > the VLV or paged search controls. >=========================================================== > >=========== >Description >=========== > >A user with read access to the LDAP server can crash the LDAP >server process. Depending on the Samba version and the choice >of process model, this may crash only the user's own connection. > >Specifically, while the default in Samba 4.7.0 and later >(and so all supported Samba versions) is for one process per >connected client, site-specific configuration trigger can change >this. > >Samba 4.8 and later support the 'prefork' process model and by >using the -M option to 'samba' and all versions of Samba support >a 'single' process model. Both of these share on process between >multiple clients. > > >================== >Patch Availability >================== > >Patches addressing both these issues have been posted to: > > http://www.samba.org/samba/security/ > >Additionally, Samba $VERSIONS have been issued >as security releases to correct the defect. Samba administrators are >advised to upgrade to these releases or apply the patch as soon >as possible. > >================== >CVSSv3 calculation >================== > >CVSS:3.0/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5) > >========== >Workaround >========== > >Return to the default configuration by running 'samba' with -M >standard, however this may consume more memory. > >======= >Credits >======= > >Originally reported by Zombie Ryushu. > >Patches provided by Douglas Bagnall of Catalyst and the Samba team. > >========================================================== >== Our Code, Our Bugs, Our Responsibility. >== The Samba Team >========================================================== >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=15226">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13951
:
15159
|
15165
|
15166
|
15173
|
15174
|
15175
|
15198
|
15226
|
15227
|
15228
|
15230
|
15231