SAMBA:CVE-2018-1140
Aug 14, 2018

Denial of Service Attack on DNS and LDAP server

2018-08-14 00:00:00
Samba Security
www.samba.org

CVSS3: 6.5 Medium
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  Attack Vector: ADJACENT_NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH

CVSS2: 3.3 Low
AV:A/AC:L/Au:N/C:N/I:N/A:P

  Access Vector: ADJACENT_NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL

EPSS: 0.786 High
Percentile: 98.2%

Description

All versions of Samba from 4.8.0 onwards are vulnerable to a denial of
service attack when Samba is an Active Directory Domain Controller.

Missing input sanitization checks on some of the input parameters to
the LDB database layer cause the LDAP server and DNS server to crash
when following a NULL pointer.

There is no further vulnerability associated with this error, merely a
denial of service.

Patch Availability

A patch addressing this defect has been posted to

http://www.samba.org/samba/security/

Additionally, Samba 4.8.4, LDB 1.4.1 and 1.3.5 have been issued as a
security release to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

Workaround

No workaround is possible while acting as a Samba AD DC.

Disabling the 'dns' and 'ldap' services in the smb.conf (e.g. 'server
services = -dns -ldap') would remove essential elements in the AD DC.

The use of BIND9_DLZ (loading a DLZ .so for LDB database access into
the BIND 9 DNS server) is subject to the same issue.
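
The following triage check is an added example, not code from the Samba project or from this advisory. It classifies a host from the output of `smbd --version` and the text of its smb.conf, using the affected range and fixed release stated above. The function names, result labels and sample configuration are assumptions made for illustration.

```python
import re

FIRST_AFFECTED = (4, 8, 0)  # advisory: "from 4.8.0 onwards"
FIRST_FIXED = (4, 8, 4)     # advisory: security release 4.8.4
# "server role" values that select AD DC mode (the short forms are assumed synonyms).
AD_DC_ROLES = {"active directory domain controller", "domain controller", "dc"}

def parse_version(banner):
    """Extract (major, minor, patch) from e.g. 'Version 4.8.3-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no x.y.z version in %r" % banner)
    return tuple(int(g) for g in m.groups())

def global_params(conf_text):
    """Return [global] parameters; names are matched without case or whitespace."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = " ".join(value.split()).lower()
    return params

def triage(banner, conf_text):
    """Classify a host as 'not-ad-dc', 'not-affected', 'affected' or 'fixed'."""
    # 'server services' is ignored on purpose: the advisory says no workaround
    # is possible on an AD DC. Files pulled in with 'include' are not followed.
    role = global_params(conf_text).get("serverrole", "auto")
    if role not in AD_DC_ROLES:
        return "not-ad-dc"
    version = parse_version(banner)
    if version < FIRST_AFFECTED:
        return "not-affected"
    # Assumption: releases after 4.8.4 carry the fix. A distribution package with
    # a backported patch keeps its older number and is reported as 'affected'.
    return "affected" if version < FIRST_FIXED else "fixed"

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = """[global]
    Server Role = active directory domain controller
    server services = -dns -ldap
[netlogon]
    path = /var/lib/samba/sysvol/scripts
"""
```

An 'affected' result on a distribution package should be confirmed against the vendor's changelog before scheduling the upgrade.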

Credits

The initial bugs were found by Laurent Debomy (DNS) and Andrej
Gessel (LDB). Kai Blin of the Samba Team, Garming Sam, Douglas
Bagnall and Andrew Bartlett of Catalyst and the Samba Team did the
investigation and provided the final fix.
