Denial of Service Attack on DNS and LDAP server

ID SAMBA:CVE-2018-1140
Type samba
Reporter Samba
Modified 2018-08-14T00:00:00


All versions of Samba from 4.8.0 onwards are vulnerable to a denial of service attack when Samba is an Active Directory Domain Controller. Missing input sanitization checks on some of the input parameters to LDB database layer cause the LDAP server and DNS server to crash when following a NULL pointer. There is no further vulnerability associated with this error, merely a denial of service.