Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-16852
HistoryNov 27, 2018 - 12:00 a.m.

CVE-2018-16852

2018-11-2700:00:00
ubuntu.com
ubuntu.com
13

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.6%

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL
pointer de-reference. During the processing of an DNS zone in the DNS
management DCE/RPC server, the internal DNS server or the Samba DLZ plugin
for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or
DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow
a NULL pointer and terminate. There is no further vulnerability associated
with this issue, merely a denial of service.

Bugs

Notes

Author Note
mdeslaur 4.9.x only

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.6%