Bug 1580230 (CVE-2018-1140) - CVE-2018-1140 libldb: LDAP server crash via distinguishedName
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-1140
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1615989 1618608 1618610 1618612 1618613
Blocks: 1577167 1580231
Reported: 2018-05-21 04:18 UTC by Huzaifa S. Sidhpurwala
Modified: 2022-03-13 15:01 UTC

Fixed In Version: libldb 1.4.1, libldb 1.3.5
Doc Type: If docs needed, set a value
Doc Text:
A missing input sanitization flaw was found in the implementation of the LDB database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a Samba server used as an Active Directory Domain Controller.
Clone Of:
Environment:
Last Closed: 2019-06-10 10:25:49 UTC
Embargoed:


Description Huzaifa S. Sidhpurwala 2018-05-21 04:18:04 UTC
As per upstream advisory:

All versions of Samba from 4.8.0 onwards are vulnerable to a denial of service attack when Samba is an Active Directory Domain Controller.

Missing input sanitization checks on some of the input parameters to LDB database layer cause the LDAP server and DNS server to crash when following a NULL pointer.

There is no further vulnerability associated with this error, merely a denial of service.

Comment 4 Huzaifa S. Sidhpurwala 2018-08-17 04:30:04 UTC
Acknowledgments:

Name: Laurent Debomy, Andrej Gessel and Kai Blin (The samba project)

Comment 6 Huzaifa S. Sidhpurwala 2018-08-17 04:39:07 UTC
Created libldb tracking bugs for this issue:

Affects: fedora-all [bug 1618613]

Comment 7 Huzaifa S. Sidhpurwala 2018-10-09 05:48:12 UTC
Statement:

This flaw only affects libldb/samba when configured as Active Directory Domain Controller. Versions of samba in Red Hat Enterprise Linux 6 and 7 do not support this configuration and therefore are not affected by this flaw.

