Bug 1764142 (CVE-2019-14847)

Summary: CVE-2019-14847 samba: samba AD DC LDAP denial of service via dirsync
Product: [Other] Security Response
Reporter: Siddharth Sharma <sisharma>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: abokovoy, anoopcs, asn, dblechte, dfediuck, eedri, gdeschner, hvyas, iboukris, jrivera, jstephen, lmohanty, madam, mgoldboi, michal.skrivanek, puebele, rhs-smb, sbonazzo, sbose, security-response-team, sherold, sisharma, ssorce, vbellur, yturgema
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: samba 4.9.15, samba 4.10.10
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in samba versions 4.0.0 through 4.10.0. An attacker can crash the AD DC LDAP server via dirsync, resulting in denial of service. Privilege escalation is not possible with this issue.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-10-30 06:51:15 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1766847
Bug Blocks: 1763144

Description Siddharth Sharma 2019-10-22 11:03:29 UTC
It was found that samba versions from 4.0.0 to 4.10.0 are vulnerable. An attacker can crash the AD DC LDAP server via dirsync, resulting in denial of service; privilege escalation is not possible with this issue.

Upstream bug: https://bugzilla.samba.org/show_bug.cgi?id=14040

Comment 2 Huzaifa S. Sidhpurwala 2019-10-23 06:17:42 UTC
Statement:

This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux because there is no support for samba as Active Directory Domain Controller.

Comment 5 Huzaifa S. Sidhpurwala 2019-10-23 11:33:45 UTC
Acknowledgments:

Name: the Samba project
Upstream: Adam Xu

Comment 6 Siddharth Sharma 2019-10-29 11:39:41 UTC
External References:

https://www.samba.org/samba/security/CVE-2019-14847.html

Comment 7 Huzaifa S. Sidhpurwala 2019-10-30 05:17:57 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1766847]

Comment 8 Product Security DevOps Team 2019-10-30 06:51:15 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14847

Comment 9 Eric Christensen 2019-11-04 17:21:13 UTC
Mitigation:

By default, the supported versions of Samba impacted by this issue run using the "standard" process model, which is unaffected. This is controlled by the -M or --model parameter to the samba binary. Unsupported Samba versions before Samba 4.7 use a single process for the LDAP server, and so are impacted. Samba 4.8, 4.9, and 4.10 are impacted if -M prefork or -M single is used. To mitigate this issue, select -M standard (the default).
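The mitigation above turns on two facts: the Samba version (the LDAP server was single-process before 4.7) and the process model the samba binary was started with (-M/--model). The following audit helper is an added example written for this page, not code from the Samba project or from this bug; it encodes that logic so it can be run on an AD DC as a compliance check. It assumes the version string looks like the one `samba -V` prints after "Version " (e.g. 4.10.9), that the command line comes from `ps -o args= -C samba` and contains no quoted or glob arguments, and that the fixed releases are the two listed in this bug's "Fixed In Version" field (4.9.15 and 4.10.10); the function names samba_model and samba_dirsync_check are this example's own.

```shell
#!/bin/sh
# Added audit helper for the CVE-2019-14847 mitigation (example code, not part
# of Samba or of this bug). Logic, taken from the mitigation statement:
#   1. Samba before 4.7 ran the AD DC LDAP server in a single process, so the
#      process model does not help and such a host is impacted regardless.
#   2. Samba 4.7 and later are impacted only when started with -M single or
#      -M prefork; -M standard (the default when -M is absent) is unaffected.
#   3. 4.9.15 and 4.10.10 (the "Fixed In Version" field) carry the fix.
# Assumptions: version like "4.10.9" (what `samba -V` prints after "Version "),
# command line from `ps -o args= -C samba` with no quoted or glob arguments,
# and the documented -M spellings (-M single, -Msingle, --model single,
# --model=single).
set -u

# samba_model CMDLINE
#   Prints the process model selected on the samba command line, or
#   "standard" when no -M/--model option is present.
samba_model() {
  model=standard
  # shellcheck disable=SC2086  # intentional word splitting of the command line
  set -- $1
  while [ $# -gt 0 ]; do
    case $1 in
      -M|--model)
        if [ $# -ge 2 ]; then model=$2; fi ;;    # value is the next word
      -M?*)       model=${1#-M} ;;              # -Msingle
      --model=*)  model=${1#--model=} ;;        # --model=single
    esac
    shift
  done
  printf '%s\n' "$model"
}

# samba_dirsync_check VERSION CMDLINE
#   Prints a verdict and returns 0 when the deployment is not impacted
#   (fixed release, or standard model on 4.7+), 1 when it is impacted or
#   the state cannot be determined, so it behaves like any compliance check.
samba_dirsync_check() {
  ver=$1
  cmd=$2
  major=${ver%%.*}
  rest=${ver#*.}
  minor=${rest%%.*}
  case $rest in
    *.*) patch=${rest#*.} ;;
    *)   patch=0 ;;
  esac
  patch=${patch%%[!0-9]*}          # drop distro suffixes such as "-Debian"
  model=$(samba_model "$cmd")

  if [ "$major" -ne 4 ]; then
    echo "unknown: Samba $ver is outside the 4.x AD DC series covered here"
    return 1
  fi
  if [ "$minor" -lt 7 ]; then
    echo "impacted: Samba $ver runs the LDAP server in a single process regardless of -M"
    return 1
  fi
  # Fixed releases listed in this bug's "Fixed In Version" field.
  if { [ "$minor" -eq 9 ] && [ "$patch" -ge 15 ]; } || \
     { [ "$minor" -eq 10 ] && [ "$patch" -ge 10 ]; }; then
    echo "fixed: Samba $ver contains the upstream fix"
    return 0
  fi
  if [ "$minor" -gt 10 ]; then
    echo "unknown: Samba $ver is not covered by the fixed versions listed in this bug"
    return 1
  fi
  case $model in
    standard)
      echo "not impacted: Samba $ver uses the standard process model"
      return 0 ;;
    single|prefork)
      echo "impacted: Samba $ver was started with -M $model; restart with -M standard or upgrade"
      return 1 ;;
    *)
      echo "unknown: unrecognised process model '$model' on Samba $ver"
      return 1 ;;
  esac
}

# Run as a script on a live AD DC (the two commands below are assumptions
# about the host's tooling, not from the bug):
#   sh samba_dirsync_check.sh "$(samba -V | awk '{print $2}')" \
#                             "$(ps -o args= -C samba | head -n 1)"
if [ $# -eq 2 ]; then
  samba_dirsync_check "$1" "$2"
fi
```

The check returns non-zero on a finding so it can gate a configuration-management run; note that a "fixed" verdict relies on the version string alone, so on a distribution that backports the patch without bumping the version it will report the mitigation state rather than the patch state.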