When DNS scavenging a record that has been deleted and then re-created, the objectclass_attrs module can crash while handling a record with dNSTombstoned: FALSE set. Any user owning a DNS record can set this attribute, and so crash the kcc task on the Samba AD DC, if DNS scavenging is enabled on the zone and globally.
Created attachment 15758: patch for master to fix this issue (with tests!). I would rather not make a security release for this, but this is uploaded here so we can consider what we should do.
I've run the sums on this and I think it would score a: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L (4.3). We published a different number, but I think a more correct number for CVE-2019-19344 was probably (5.4): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L. In both cases Douglas reminds me that we can run for a very long time without a KCC, which is why I've changed the availability impact to 'Low'. I don't think we need a CVE for this then (as a 4.3). Therefore I'm removing the embargo.
Created attachment 15803: patch for Samba 4.12 (cherry-picked from master patch)
Created attachment 15804: patch for Samba 4.11 (cherry-picked from master patch)
Created attachment 15805: patch for Samba 4.10 (cherry-picked from master patch)
Pushed to autobuild-v4-{10,11,12}-test.
(In reply to Karolin Seeger from comment #6) Pushed to all branches. Closing out bug report. Thanks!