Bugzilla – Bug 1103414
VUL-0: CVE-2018-10918: samba: Denial of Service Attack on AD DC DRSUAPI server
Last modified: 2018-12-04 23:48:46 UTC
This is a embargoed bug. This means that this information is not public. Please - do not talk to other people about this unless they're involved in fixing the issue - do not submit this into OBS (e.g. fix Leap) until this is public - do not make this bug public - Please be aware that the SUSE:SLE-12-SP4:GA codestream is available via OBS. This means that you can't submit security fixes for embargoed issues to SLE 12 SP4 GA until they become public. In doubt please talk to us on IRC (#security) or sent us a mail. CRD: 2018-08-14
is public CVE-2018-10918.html ==================================================================== == Subject: Denial of Service Attack on AD DC DRSUAPI server == == CVE ID#: CVE-2018-10918 == == Versions: All versions of Samba from 4.7.0 onwards. == == Summary: Missing null pointer checks may crash the Samba AD == DC, over the authenticated DRSUAPI RPC service. == ==================================================================== =========== Description =========== All versions of Samba from 4.7.0 onwards are vulnerable to a denial of service attack which can crash the "samba" process when Samba is an Active Directory Domain Controller. Missing database output checks on the returned directory attributes from the LDB database layer cause the DsCrackNames call in the DRSUAPI server to crash when following a NULL pointer. This call is only available after authentication. There is no further vulnerability associated with this error, merely a denial of service. ================== Patch Availability ================== A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 4.8.4 and Samba 4.7.9 have been issued as a security release to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible. ========== Workaround ========== No workaround is possible while acting as a Samba AD DC. ======= Credits ======= The issue was reported by Volker Mauel. Andrew Bartlett of Catalyst and the Samba Team provided the test and patches.
SUSE-SU-2018:2318-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1095048,1095056,1095057,1103411,1103414 CVE References: CVE-2018-10858,CVE-2018-10918,CVE-2018-10919,CVE-2018-1139,CVE-2018-1140 Sources used: SUSE Linux Enterprise Module for Basesystem 15 (src): samba-4.7.8+git.86.94b6d10f7dd-4.15.1 SUSE Linux Enterprise High Availability 15 (src): samba-4.7.8+git.86.94b6d10f7dd-4.15.1
openSUSE-SU-2018:2400-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1095048,1095056,1095057,1103411,1103414 CVE References: CVE-2018-10858,CVE-2018-10918,CVE-2018-10919,CVE-2018-1139,CVE-2018-1140 Sources used: openSUSE Leap 15.0 (src): samba-4.7.8+git.86.94b6d10f7dd-lp150.3.6.1
shipped