Lucene search

K
sambaSamba SecuritySAMBA:CVE-2018-16851
HistoryNov 27, 2018 - 12:00 a.m.

NULL pointer de-reference in Samba AD DC LDAP server

2018-11-2700:00:00
Samba Security
www.samba.org
108

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.4%

Description

During the processing of an LDAP search before Samba’s AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.

There is no further vulnerability associated with this issue, merely a
denial of service.

Patch Availability

Patches addressing both these issues have been posted to:

http://www.samba.org/samba/security/

Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

CVSSv3 calculation

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)

Workaround and mitigation

When Samba 4.7 (or later) is started in the default ‘standard’ process
model only the process used for the connection back to the attacker’s
client crashes.

By default anonymous access is only available to the rootDSE (server
metadata), so only authenticated users can read large volumes of data.

Credits

Originally reported by Garming Sam of the Samba Team and Catalyst

Patches provided by Garming Sam of the Samba Team and Catalyst.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.4%