Bug 1116322 - (CVE-2018-16851) VUL-0: CVE-2018-16851: samba: NULL pointer de-reference in Samba AD DC LDAP server
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/219360/
Whiteboard: CVSSv3:SUSE:CVE-2018-16851:6.5:(AV:N/...
Depends on:
Blocks:
Reported: 2018-11-16 10:56 UTC by Marcus Meissner
Modified: 2019-11-30 15:39 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Comment 2 Marcus Meissner 2018-11-27 10:13:26 UTC
is public

https://www.samba.org/samba/security/CVE-2018-16851.html

===========================================================
== Subject:  NULL pointer de-reference in Samba AD DC LDAP server
==
== CVE ID#:  CVE-2018-16851
==
== Versions: All versions of Samba from 4.0.0 onwards.
==
== Summary:  A user able to read more than 256MB of LDAP entries
             can crash the Samba AD DC's LDAP server.
===========================================================

===========
Description
===========

During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB.  When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.

There is no further vulnerability associated with this issue, merely a
denial of service.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    http://www.samba.org/samba/security/

Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued
as security releases to correct the defect.  Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)

=========================
Workaround and mitigation
=========================

When Samba 4.7 (or later) is started in the default 'standard' process
model only the process used for the connection back to the attacker's
client crashes.

By default anonymous access is only available to the rootDSE (server
metadata), so only authenticated users can read large volumes of data.

=======
Credits
=======

Originally reported by Garming Sam of the Samba Team and Catalyst.

Patches provided by Garming Sam of the Samba Team and Catalyst.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
Comment 3 Swamp Workflow Management 2018-12-10 20:10:33 UTC
SUSE-SU-2018:4066-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1068059,1087303,1087931,1101499,1102230,1116319,1116320,1116322,1116324
CVE References: CVE-2018-14629,CVE-2018-16841,CVE-2018-16851,CVE-2018-16853
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    samba-4.7.11+git.140.6bd0e5b30d8-4.21.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    samba-4.7.11+git.140.6bd0e5b30d8-4.21.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    samba-4.7.11+git.140.6bd0e5b30d8-4.21.1
SUSE Linux Enterprise High Availability 15 (src):    samba-4.7.11+git.140.6bd0e5b30d8-4.21.1
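An added triage helper, not code from the bug, from Samba or from SUSE: it classifies a Samba version string against the fixed releases the advisory names (4.7.12, 4.8.7, 4.9.3) and, because distribution builds such as the samba-4.7.11+git... package in the update notice above carry a version below the upstream fix while shipping the fix as a backport, it flags such strings for the vendor advisory instead of judging them by number alone. Treating branches newer than 4.9 as fixed is an assumption the page does not state.

```python
import re

# Upstream fixed release per branch, as listed in the Samba advisory.
FIXED = {(4, 7): (4, 7, 12), (4, 8): (4, 8, 7), (4, 9): (4, 9, 3)}
FIRST_AFFECTED = (4, 0, 0)  # "All versions of Samba from 4.0.0 onwards"

# Optional "samba-" prefix, x.y.z, optional rcN, then any distro suffix
# such as "+git.140.6bd0e5b30d8-4.21.1".
_RE = re.compile(r"^(?:samba-)?(\d+)\.(\d+)\.(\d+)(rc\d+)?(.*)$")


def assess(version: str) -> str:
    """Classify a Samba version for CVE-2018-16851.

    Returns 'not-affected', 'affected', 'fixed' or 'vendor-patched?'.
    The last value marks distribution builds whose number is below the
    upstream fix: the vendor may have backported the patch, so the
    vendor's advisory decides, not the version number.
    """
    m = _RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    ver = tuple(int(g) for g in m.group(1, 2, 3))
    prerelease = m.group(4) is not None
    distro_suffix = m.group(5)
    if ver < FIRST_AFFECTED:
        return "not-affected"
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        # 4.0-4.6 received no fix release in the advisory, so they stay
        # affected; branches after 4.9 are assumed to be cut after the fix.
        return "affected" if ver[:2] < (4, 7) else "fixed"
    # An rc of the fixed release predates the fix release itself.
    if ver > fixed or (ver == fixed and not prerelease):
        return "fixed"
    return "vendor-patched?" if distro_suffix else "affected"
```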
Comment 6 Marcus Meissner 2019-01-14 14:12:40 UTC
done