CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.004 Low (Percentile 73.6%)

Some DNS records (such as MX and NS records) usually contain data in
the additional section. Samba's dnsserver RPC pipe (which is an
administrative interface not used in the DNS server itself) made an
error in handling the case where there are no records present: instead
of noticing the lack of records, it dereferenced uninitialised memory,
causing the RPC server to crash. This RPC server, which also serves
protocols other than dnsserver, will be restarted after a short delay,
but it is easy for an authenticated non-admin attacker to crash it
again as soon as it returns. The Samba DNS server itself will continue
to operate, but many RPC services will not.
Patches addressing both these issues have been posted to:
https://www.samba.org/samba/security/
Additionally, Samba 4.11.15, 4.12.9 and 4.13.1 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.
CVSSv3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
The dnsserver task can be stopped by setting
'dcerpc endpoint servers = -dnsserver'
in the smb.conf and restarting Samba.
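
The upgrade advice and the workaround above, combined into one host check. This is an added example, not code from the Samba project: the function names, status strings and sample smb.conf are constructed for illustration, and it assumes the workaround line is set in the [global] section.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(4, 11): 15, (4, 12): 9, (4, 13): 1}

def version_status(version):
    """Classify a version string such as 'Version 4.12.7' or '4.13.1-Debian'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    fixed_patch = FIXED.get((int(m.group(1)), int(m.group(2)))) if m else None
    if fixed_patch is None:
        return "unknown"  # the advisory names no fixed release for this branch
    return "fixed" if int(m.group(3)) >= fixed_patch else "needs-upgrade"

def dnsserver_disabled(smb_conf_text):
    """True if [global] carries the advisory's '-dnsserver' workaround."""
    section, disabled = None, False
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # smb.conf ignores case and whitespace in parameter names.
        if re.sub(r"\s+", "", name).lower() == "dcerpcendpointservers":
            tokens = re.split(r"[,\s]+", value.strip())
            disabled = "-dnsserver" in (t.lower() for t in tokens)  # last setting wins
    return disabled

def assess(version, smb_conf_text):
    status = version_status(version)
    if status == "fixed":
        return "ok: fixed release"
    if dnsserver_disabled(smb_conf_text):
        return "mitigated: dnsserver endpoint disabled"
    return "exposed" if status == "needs-upgrade" else "check manually"

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = """
[global]
    workgroup = EXAMPLE
    ; dcerpc endpoint servers = -dnsserver
    DCERPC Endpoint Servers = -dnsserver
"""

if __name__ == "__main__":
    print(assess("4.12.7", SAMPLE_CONF))
```

The version check compares upstream release numbers only, so a distribution package that backports the patch without changing the upstream version will still be reported as "needs-upgrade".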
Originally reported by Francis Brosnan Blázquez of ASPL.es in 2017.
Patches first provided for Samba 4.6 by Francis Brosnan Blázquez, and
adapted for modern Samba by Douglas Bagnall of the Samba team.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team