Bug 1625449 (CVE-2018-14629) - CVE-2018-14629 samba: Unprivileged adding of CNAME record causing loop in AD LDAP server
Summary: CVE-2018-14629 samba: Unprivileged adding of CNAME record causing loop in AD ...
Alias: CVE-2018-14629
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1654078
Blocks: 1625448
TreeView+ depends on / blocked
Reported: 2018-09-05 00:46 UTC by Sam Fowler
Modified: 2021-02-16 23:07 UTC (History)
29 users (show)

Fixed In Version: samba 4.7.12, samba 4.8.7, samba 4.9.3
Doc Type: If docs needed, set a value
Doc Text:
A denial of service vulnerability was discovered in Samba's LDAP server. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.
Clone Of:
Last Closed: 2019-06-10 10:37:26 UTC

Attachments (Terms of Use)

Description Sam Fowler 2018-09-05 00:46:03 UTC
All versions of Samba from 4.0.0 onwards are vulnerable infinite query recursion caused by CNAME loops.  Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue.

Comment 1 Sam Fowler 2018-09-05 00:46:05 UTC

Name: Andrew Bartlett (Catalyst and Samba Team)
Upstream: Florian Stülpner (HiperScan)

Comment 2 Doran Moppert 2018-09-05 04:17:04 UTC
Upstream bug:


Comment 3 Doran Moppert 2018-09-05 04:17:14 UTC

Samba 4 packages distributed with Red Hat Enterprise Linux are built without the AD DC functionality, where this flaw is present.  These packages are not affected by this vulnerability.

Comment 4 Sam Fowler 2018-11-28 01:51:03 UTC
External Reference:


Comment 5 Sam Fowler 2018-11-28 01:51:37 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1654078]

Note You need to log in before you can comment on or make changes to this bug.