Bug 1580230 (CVE-2018-1140)

Summary: CVE-2018-1140 libldb: LDAP server crash via distinguishedName
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abokovoy, anoopcs, asn, gdeschner, jarrpa, jhrozek, jstephen, lmohanty, madam, rhs-smb, sankarshan, sbose, security-response-team, sisharma, ssaha, ssorce, vbellur
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libldb 1.4.1, libldb 1.3.5 Doc Type: If docs needed, set a value
Doc Text:
A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:25:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1615989, 1618608, 1618610, 1618612, 1618613    
Bug Blocks: 1577167, 1580231    

Description Huzaifa S. Sidhpurwala 2018-05-21 04:18:04 UTC 
As per upstream advisory:

All versions of Samba from 4.8.0 onwards are vulnerable to a denial of service attack when Samba is an Active Directory Domain Controller.

Missing input sanitization checks on some of the input parameters to LDB database layer cause the LDAP server and DNS server to crash when following a NULL pointer.

There is no further vulnerability associated with this error, merely a denial of service.
Comment 3 Sam Fowler 2018-08-16 03:36:07 UTC 
External Reference:

https://www.samba.org/samba/security/CVE-2018-1140.html
https://bugzilla.samba.org/show_bug.cgi?id=13374
Comment 4 Huzaifa S. Sidhpurwala 2018-08-17 04:30:04 UTC 
Acknowledgments:

Name: Laurent Debomy, Andrej Gessel and Kai Blin (The samba project)
Comment 6 Huzaifa S. Sidhpurwala 2018-08-17 04:39:07 UTC 
Created libldb tracking bugs for this issue:

Affects: fedora-all [bug 1618613]
Comment 7 Huzaifa S. Sidhpurwala 2018-10-09 05:48:12 UTC 
Statement:

This flaw only affects libldb/samba when configured as Active Directory Domain Controller. Versions of samba in Red Hat Enterprise Linux 6 and 7 do not support this configuration and therefore are not affected by this flaw.
Comment 8 Huzaifa S. Sidhpurwala 2018-10-09 06:10:18 UTC 
Upstream patches:

https://git.samba.org/?p=samba.git;a=commitdiff;h=0998f2f1bced019db4000ef4b55887abcb65f6d2
https://git.samba.org/?p=samba.git;a=commitdiff;h=3f95957d6de321c803a66f3ec67a8ff09befd16d
https://git.samba.org/?p=samba.git;a=commitdiff;h=3c1fbb18321f61df44d7b0f0c7452ae230960293