1580230 – (CVE-2018-1140) CVE-2018-1140 libldb: LDAP server crash via distinguishedName

Bug 1580230 (CVE-2018-1140) - CVE-2018-1140 libldb: LDAP server crash via distinguishedName

Summary: CVE-2018-1140 libldb: LDAP server crash via distinguishedName

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2018-1140
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1615989 1618608 1618610 1618612 1618613
Blocks:	1577167 1580231
TreeView+	depends on / blocked

Reported:	2018-05-21 04:18 UTC by Huzaifa S. Sidhpurwala
Modified:	2022-03-13 15:01 UTC (History)
CC List:	17 users (show)
Fixed In Version:	libldb 1.4.1, libldb 1.3.5
Doc Type:	If docs needed, set a value
Doc Text:	A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller.
Clone Of:
Environment:
Last Closed:	2019-06-10 10:25:49 UTC
Embargoed:

Attachments	(Terms of Use)

Description Huzaifa S. Sidhpurwala 2018-05-21 04:18:04 UTC

As per upstream advisory:

All versions of Samba from 4.8.0 onwards are vulnerable to a denial of service attack when Samba is an Active Directory Domain Controller.

Missing input sanitization checks on some of the input parameters to LDB database layer cause the LDAP server and DNS server to crash when following a NULL pointer.

There is no further vulnerability associated with this error, merely a denial of service.

Comment 3 Sam Fowler 2018-08-16 03:36:07 UTC

External Reference:

https://www.samba.org/samba/security/CVE-2018-1140.html
https://bugzilla.samba.org/show_bug.cgi?id=13374

Comment 4 Huzaifa S. Sidhpurwala 2018-08-17 04:30:04 UTC

Acknowledgments:

Name: Laurent Debomy, Andrej Gessel and Kai Blin (The samba project)

Comment 6 Huzaifa S. Sidhpurwala 2018-08-17 04:39:07 UTC

Created libldb tracking bugs for this issue:

Affects: fedora-all [bug 1618613]

Comment 7 Huzaifa S. Sidhpurwala 2018-10-09 05:48:12 UTC

Statement:

This flaw only affects libldb/samba when configured as Active Directory Domain Controller. Versions of samba in Red Hat Enterprise Linux 6 and 7 do not support this configuration and therefore are not affected by this flaw.

Comment 8 Huzaifa S. Sidhpurwala 2018-10-09 06:10:18 UTC

Upstream patches:

https://git.samba.org/?p=samba.git;a=commitdiff;h=0998f2f1bced019db4000ef4b55887abcb65f6d2
https://git.samba.org/?p=samba.git;a=commitdiff;h=3f95957d6de321c803a66f3ec67a8ff09befd16d
https://git.samba.org/?p=samba.git;a=commitdiff;h=3c1fbb18321f61df44d7b0f0c7452ae230960293

Note You need to log in before you can comment on or make changes to this bug.