The Samba-Bugzilla – Attachment 15227 Details for
Bug 13951
CVE-2019-12436 [SECURITY] paged_searches crash on LDAP and [homes] access
Updated Advisory (v01)
CVE-2019-12436-advisory-01.txt (text/plain), 2.32 KB, created by
Andrew Bartlett
on 2019-06-08 08:27:20 UTC
>===========================================================
>== Subject:     Samba AD DC LDAP server crash (VLV and paged searches)
>==
>== CVE ID#:     CVE-2019-12436
>==
>== Versions:    All versions of Samba since Samba 4.10.0
>==
>== Summary:     A user with read access to the directory can
>                cause a NULL pointer dereference using the
>                paged search control.
>===========================================================
>
>===========
>Description
>===========
>
>A user with read access to the LDAP server can crash the LDAP
>server process. Depending on the Samba version and the choice
>of process model, this may crash only the user's own connection.
>
>Specifically, while in Samba 4.10 the default is for one process per
>connected client, site-specific configuration trigger can change
>this.
>
>Samba 4.10 also supports the 'prefork' process model and by
>using the -M option to 'samba' and a 'single' process model.
>Both of these share one process between multiple clients.
>
>NOTE WELL: the original report on this issue to the Samba Team
>suggested a correlation between this NULL pointer de-reference with
>access to the \\DC\homes share on an AD DC, including a persistent
>service failure. The Samba Team has been unable to corroborate this
>failure mode, and has instead focused on addressing the original
>issue.
>
>==================
>Patch Availability
>==================
>
>Patches addressing both these issues have been posted to:
>
> http://www.samba.org/samba/security/
>
>Additionally, Samba 4.10.5 has been issued as a security release to
>correct the defect. Samba administrators are advised to upgrade to
>this release or apply the patch as soon as possible.
>
>==================
>CVSSv3 calculation
>==================
>
>CVSS:3.0/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
>
>==========
>Workaround
>==========
>
>Return to the default configuration by running 'samba' with -M
>standard, however this may consume more memory and would not address
>the \\DC\homes issue.
>
>=======
>Credits
>=======
>
>Originally reported by Zombie Ryushu.
>
>Patches provided by Douglas Bagnall of Catalyst and the Samba team.
>Advisory written by Andrew Bartlett of Catalyst and the Samba team.
>
>==========================================================
>== Our Code, Our Bugs, Our Responsibility.
>== The Samba Team
>==========================================================
>
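A triage example for the exposure the advisory describes, added here and not part of the advisory or of Samba's own code: it classifies a version string against the 4.10.0 to 4.10.5 range and reads the process model from a `samba` command line. The function names, the `Version x.y.z` input format and the sample inputs are assumptions.

```sh
#!/bin/sh
# Added triage example for CVE-2019-12436; not Samba project code.

# version_status VERSION -> not-affected | affected | fixed
# Advisory: affected since 4.10.0, corrected in 4.10.5.
# Assumption: later release numbers carry the fix. A package with the
# patch backported under an older number still reports "affected".
version_status() {
    ver=${1#Version }              # assumed "Version x.y.z" prefix
    ver=${ver%%[!0-9.]*}           # drop suffixes such as "-Debian"
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    n=$(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
    if [ "$n" -lt 4010000 ]; then echo not-affected
    elif [ "$n" -lt 4010005 ]; then echo affected
    else echo fixed
    fi
}

# process_model CMDLINE -> value of -M, or "standard" when -M is absent
# (the advisory gives one process per client as the 4.10 default).
process_model() {
    model=standard; prev=
    for arg in $1; do
        case $arg in -M?*) model=${arg#-M} ;; esac
        case $prev in -M) model=$arg ;; esac
        prev=$arg
    done
    echo "$model"
}

# exposure VERSION CMDLINE -> one triage line
exposure() {
    status=$(version_status "$1")
    model=$(process_model "$2")
    if [ "$status" != affected ]; then echo "$status"
    elif [ "$model" = standard ]; then
        echo "affected: crash limited to the requesting client's connection"
    else
        echo "affected: crash hits a process shared between clients ($model)"
    fi
}

# Constructed sample inputs, not taken from the advisory.
exposure "Version 4.10.2" "samba -M prefork"
exposure "Version 4.10.2" "samba"
exposure "Version 4.10.5" "samba -M single"
```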