Bug 1764142 (CVE-2019-14847)

Summary: CVE-2019-14847 samba: samba AD DC LDAP denial of service via dirsync
Product: [Other] Security Response Reporter: Siddharth Sharma <sisharma>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abokovoy, anoopcs, asn, dblechte, dfediuck, eedri, gdeschner, hvyas, iboukris, iboukris, jrivera, jstephen, lmohanty, madam, mgoldboi, michal.skrivanek, puebele, rhs-smb, sbonazzo, sbose, security-response-team, sherold, sisharma, ssorce, vbellur, yturgema
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: samba 4.9.15, samba 4.10.10 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in samba versions 4.0.0 through 4.10.0. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-30 06:51:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1766847    
Bug Blocks: 1763144    

Description Siddharth Sharma 2019-10-22 11:03:29 UTC
It was found that samba versions since samba 4.0.0 version to samba 4.10.0 are vulnerable. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service, privilege escalation is not possible with this issue.

Upstream bug: https://bugzilla.samba.org/show_bug.cgi?id=14040

Comment 2 Huzaifa S. Sidhpurwala 2019-10-23 06:17:42 UTC

This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux because there is no support for samba as Active Directory Domain Controller.

Comment 5 Huzaifa S. Sidhpurwala 2019-10-23 11:33:45 UTC

Name: the Samba project
Upstream: Adam Xu

Comment 6 Siddharth Sharma 2019-10-29 11:39:41 UTC
External References:


Comment 7 Huzaifa S. Sidhpurwala 2019-10-30 05:17:57 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1766847]

Comment 8 Product Security DevOps Team 2019-10-30 06:51:15 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):


Comment 9 Eric Christensen 2019-11-04 17:21:13 UTC

By default, the supported versions of Samba impacted by this issue run using the "standard" process model, which is unaffected. This is controlled by the -M or --model parameter to the samba binary. Unsupported Samba versions before Samba 4.7 use a single process for the LDAP server, and so are impacted. Samba 4.8, 4.9, and 4.10 are impacted if -M prefork or -M single is used. To mitigate this issue, select -M standard (the default).