The Samba-Bugzilla – Attachment 15696 Details for
Bug 14050
[SECURITY] CVE-2019-19344 server crash with dns zone scavenging = yes
advisory with CVE (v1)
CVE-2019-19344-dns-scavange-advisory-01.txt (text/plain), 1.89 KB, created by
Andrew Bartlett
on 2019-12-19 00:57:59 UTC
>===========================================================
>== Subject:     Use after free during DNS zone scavenging
>==              in Samba AD DC
>==
>== CVE ID#:     CVE-2019-19344
>==
>== Versions:    Samba 4.9 and later versions
>==
>== Summary:     During DNS zone scavenging (of expired dynamic
>==              entries) there is a read of memory after it has
>==              been freed.
>===========================================================
>
>===========
>Description
>===========
>
>Samba 4.9 introduced an off-by-default feature to tombstone
>dynamically created DNS records that had reached their expiry time.
>
>This feature is controlled by the smb.conf option:
>  dns zone scavenging = yes
>
>There is a use-after-free issue in this code, essentially due to a
>call to realloc() while other local variables still point at the
>original buffer.
>
>The use is a read, but in quite unlikely conditions (due to NDR
>validation unpacking the buffer) that read memory might be saved back
>into the DB.
>
>==================
>Patch Availability
>==================
>
>Patches addressing both these issues have been posted to:
>
>    https://www.samba.org/samba/security/
>
>Additionally, Samba $VERSIONS have been issued
>as security releases to correct the defect.  Samba administrators are
>advised to upgrade to these releases or apply the patch as soon
>as possible.
>
>==================
>CVSSv3 calculation
>==================
>
>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
>
>==========
>Workaround
>==========
>
>The code in question is not run in the default configuration, so
>the workaround is simply to not set
>  dns zone scavenging = yes
>
>=======
>Credits
>=======
>
>Originally reported by Christian Naumer
>
>Patches provided by Andrew Bartlett of the Samba team and Catalyst.
>
>==========================================================
>== Our Code, Our Bugs, Our Responsibility.
>== The Samba Team
>==========================================================
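The bug class named in the Description (a realloc() while a local variable still points into the original buffer), shown as an added example beside a corrected form; this is not Samba's code or the patch. The record layout, the function names and the use of plain realloc() are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
/* Constructed record type for illustration; not Samba's DNS structures. */
struct rec { uint32_t expiry; int tombstone; };
struct zone { struct rec *recs; size_t count; };
/* Append one record. realloc() may move the array and free the old copy. */
static int zone_append(struct zone *z, struct rec r)
{
    struct rec *p = realloc(z->recs, (z->count + 1) * sizeof(*p));
    if (p == NULL) return -1;
    z->recs = p;
    z->recs[z->count++] = r;
    return 0;
}

/* BUGGY: 'cur' is read after the append; realloc() may have freed its target. */
int scavenge_buggy(struct zone *z, uint32_t now)
{
    size_t n = z->count;
    for (size_t i = 0; i < n; i++) {
        struct rec *cur = &z->recs[i];
        if (cur->expiry >= now) continue;
        if (zone_append(z, (struct rec){ 0, 1 }) != 0) return -1;
        z->recs[z->count - 1].expiry = cur->expiry; /* stale read, then stored */
    }
    return (int)(z->count - n);
}

/* FIXED: copy the needed fields by value before growing the array. */
int scavenge_fixed(struct zone *z, uint32_t now)
{
    size_t n = z->count;
    for (size_t i = 0; i < n; i++) {
        if (z->recs[i].expiry >= now) continue;
        struct rec ts = { z->recs[i].expiry, 1 };
        if (zone_append(z, ts) != 0) return -1;
    }
    return (int)(z->count - n);
}

/* Constructed input: four records, two of them expired at now = 25. */
int demo(void)
{
    struct zone z = { NULL, 0 };
    for (uint32_t e = 10; e <= 40; e += 10) zone_append(&z, (struct rec){ e, 0 });
    int made = scavenge_fixed(&z, 25);
    int ok = made == 2 && z.count == 6 && z.recs[4].expiry == 10 && z.recs[5].expiry == 20;
    free(z.recs);
    return ok ? made : -1;
}
```

Building a caller of `scavenge_buggy` with AddressSanitizer (`-fsanitize=address`) reports the stale read as a heap-use-after-free whenever realloc() relocates the array.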
Flags: gary: review+, abartlet: review+