The Samba-Bugzilla – Attachment 17140 Details for Bug 13600: [SECURITY] CVE-2018-14629 CNAME loops in Samba AD DC DNS server
advisory text (v03)
CVE-2018-14629-v3.txt (text/plain), 1.55 KB, created by Andrew Bartlett on 2022-02-01 00:13:03 UTC
====================================================================
== Subject:     Unprivileged adding of CNAME record causing loop
==              in AD Internal DNS server
==
== CVE ID#:     CVE-2018-14629
==
== Versions:    All versions of Samba from 4.0.0 onwards.
==
== Summary:     CNAME loops can cause DNS server crashes, and CNAMEs
==              can be added by unprivileged users.
==
====================================================================

===========
Description
===========

All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any DNS record can be added via
LDAP by an unprivileged user using the ldbadd tool, so this is a
security issue.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    http://www.samba.org/samba/security/

Additionally, Samba 4.7.12, 4.8.7, and 4.9.3 have been issued as
security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon as
possible.

==================
CVSSv3 calculation
==================

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)

==========
Workaround
==========

The Samba AD DC can be configured to use BIND9 for DNS.

This is done by running
    samba_upgradedns --dns-backend=BIND9_DLZ
and then disabling the 'dns' service in the smb.conf
(e.g. 'server services = -dns')

=======
Credits
=======

The initial bug was found by Florian Stülpner

Aaron Haslett of Catalyst did the investigation and wrote the patch.
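The loop condition described in the advisory, as an added example that is not part of the advisory or of the Samba patch: a Python audit that walks each CNAME chain in a record set with a visited set and a hop cap, so the traversal always terminates and looping owners are reported. The record names, `MAX_CNAME_HOPS` and the function names are assumptions made for illustration.

```python
# Added example: audit CNAME records for loops; SAMPLE is constructed data.
MAX_CNAME_HOPS = 8  # assumed audit limit, not a value from the Samba patch


def normalize(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def follow_cname(cnames, start, max_hops=MAX_CNAME_HOPS):
    """Walk the CNAME chain from `start`; return (status, chain).
    status is "ok", "loop" or "too_long". The visited set catches cycles and
    the hop cap bounds the walk, so traversal always terminates.
    """
    name = normalize(start)
    chain, seen = [name], {name}
    while name in cnames:
        if len(chain) - 1 >= max_hops:
            return "too_long", chain
        name = cnames[name]
        chain.append(name)
        if name in seen:
            return "loop", chain
        seen.add(name)
    return "ok", chain


def audit(records):
    """Return {owner: (status, chain)} for each CNAME owner that is not ok."""
    cnames = {normalize(o): normalize(t) for o, t in records}
    findings = {}
    for owner in cnames:
        status, chain = follow_cname(cnames, owner)
        if status != "ok":
            findings[owner] = (status, chain)
    return findings


# Constructed sample records: (owner, CNAME target)
SAMPLE = [
    ("www.example.test.", "web.example.test."),    # ends at a non-CNAME name
    ("a.example.test.", "b.example.test."),
    ("b.example.test.", "A.example.test."),        # loops back, case differs
    ("self.example.test.", "self.example.test."),  # one-record loop
]

if __name__ == "__main__":
    for owner, (status, chain) in sorted(audit(SAMPLE).items()):
        print(f"{status}: {' -> '.join(chain)}")
```

Feed `audit()` the (owner, target) pairs exported from the zone; any owner it returns sits on a chain that a resolver without a recursion bound would never finish following.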