Created attachment 14359: patch for master
Created attachment 14360: proposed CVE text (needs CVE)
Can I (urgently) get a CVE for this? Our next security release needs to be locked in on 1 August and I would like this included. Thanks!
Created attachment 14361: patch for master
Created attachment 14362: patch for master
The master patch applies to 4.7 and 4.8 also.
CVE number requested from secalert@redhat.com.
CVE-2018-10918 assigned by Red Hat product security.
This is a CVSS 6.5 https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
The CVE text still contains the placeholder (XXX) in the CVE ID CVE-2018-XXXX.
Created attachment 14401: CVE text updated with CVE number.
Samba 4.8.4, 4.9.7 and 4.6.16 have been released in order to address these defects.
(In reply to Karolin Seeger from comment #13) 4.7.9
(In reply to Karolin Seeger from comment #13) Meant 4.7.9 of course, and 4.6.16 is not affected by this issue.
Pushed to autobuild-v4-9-test and autobuild-master.
Opening up bug. Redacted original description. My elaboration was:

Likely due to elements being NULL here:

    case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL: {
        if (result->elements[0].num_values > 1) {
            info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
            return WERR_OK;
        }
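The failure mode described in the comment above, as an added C example (not Samba's code and not the attached patch): the unchecked function has the shape of the quoted snippet, and the checked one validates the element count and pointer before indexing. The struct, enum and function names are constructed stand-ins, and returning "not found" for a record with no attribute is an assumption of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for a directory search result; not Samba's types. */
struct element { const char *name; unsigned int num_values; const char **values; };
struct message { unsigned int num_elements; struct element *elements; };

enum name_status { STATUS_OK, STATUS_NOT_FOUND, STATUS_NOT_UNIQUE };

/* Same shape as the quoted snippet: reads elements[0] unconditionally, so a
 * result whose elements pointer is NULL makes the process dereference NULL. */
enum name_status spn_status_unchecked(const struct message *result)
{
    if (result->elements[0].num_values > 1) {
        return STATUS_NOT_UNIQUE;
    }
    return STATUS_OK;
}

/* Checked form: validate the count and the pointer before indexing.
 * Mapping "no attribute" to NOT_FOUND is an assumption of this example. */
enum name_status spn_status_checked(const struct message *result)
{
    if (result == NULL || result->num_elements == 0 || result->elements == NULL) {
        return STATUS_NOT_FOUND;
    }
    if (result->elements[0].num_values > 1) {
        return STATUS_NOT_UNIQUE;
    }
    if (result->elements[0].num_values == 0 || result->elements[0].values == NULL) {
        return STATUS_NOT_FOUND;
    }
    return STATUS_OK;
}

int main(void)
{
    /* Constructed inputs: a record with no attributes, and one with two values. */
    const char *vals[] = { "HOST/a.example.test", "HOST/b.example.test" };
    struct element el = { "servicePrincipalName", 2, vals };
    struct message empty = { 0, NULL };
    struct message dup = { 1, &el };

    printf("empty: %d\n", spn_status_checked(&empty));
    printf("dup:   %d\n", spn_status_checked(&dup));
    return 0;
}
```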
Pushed to both branches. Closing out bug report. Thanks!