Sebastian on the Samba mailing list reports:

Hello! I'd like to make Samba's internal DNS server authoritative for my AD domain, e.g. "ad.sebastian.intranet". It shall not query the configured upstream forward DNS server for names below its AD domain. If Samba's internal DNS server doesn't know a subdomain of the AD domain name, it simply does not exist.

If proven, this looks like a security issue, as remote untrusted upstream nameservers could provide malicious addresses for internal names that should just get NXDOMAIN.
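The behaviour the report asks for, written out as an added example (not Samba's code): names at or below the authoritative zone are answered from local data only, and only other names reach the forwarder. The function names, the sample record and the stand-in forwarder are hypothetical, and record types are left out for brevity.

```python
# Added illustration of the requested resolver behaviour; not Samba source code.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing root dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_zone(qname, zone):
    """True if qname is the zone apex or lies below it.
    Compared label by label, so 'bad.sebastian.intranet' is NOT inside
    'ad.sebastian.intranet' even though it matches as a plain string suffix."""
    q, z = _labels(qname), _labels(zone)
    return len(z) > 0 and len(q) >= len(z) and q[-len(z):] == z

def resolve(qname, zone, records, forward):
    """Answer in-zone names from local data; forward everything else.
    records: dict of lowercase FQDN -> address (local zone data)
    forward: callable standing in for the configured upstream forwarder"""
    if in_zone(qname, zone):
        key = ".".join(_labels(qname))
        if key in records:
            return ("NOERROR", records[key])
        # Authoritative: an unknown in-zone name does not exist.
        # The upstream server is never asked about it.
        return ("NXDOMAIN", None)
    return forward(qname)

AD_ZONE = "ad.sebastian.intranet"
RECORDS = {"dc1.ad.sebastian.intranet": "192.0.2.10"}  # constructed sample data

def untrusted_upstream(qname):
    """Constructed stand-in for a forwarder that answers every name it is sent."""
    return ("NOERROR", "203.0.113.66")

if __name__ == "__main__":
    for name in ("dc1.ad.sebastian.intranet",
                 "nosuchhost.ad.sebastian.intranet",
                 "example.org"):
        print(name, resolve(name, AD_ZONE, RECORDS, untrusted_upstream))
```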
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N (4.2)

This requires that there be a malicious upstream DNS server or the use of a not-registered DNS domain (common, but not our problem). The CVSS 3.1 score is less than 5.0, so I will seek advice on making this public. Additionally, the original disclosure was public, so we could remove the embargo and treat this as a normal bug, in the hope that this may encourage someone to implement a fix.
Removing embargo as this bug doesn't meet our guidelines for an embargoed security release and the initial report was public anyway.