As per upstream advisory: All versions of Samba from 4.8.0 onwards are vulnerable to a denial of service attack when Samba is an Active Directory Domain Controller. Missing input sanitization checks on some of the input parameters to LDB database layer cause the LDAP server and DNS server to crash when following a NULL pointer. There is no further vulnerability associated with this error, merely a denial of service.
External Reference:
https://www.samba.org/samba/security/CVE-2018-1140.html
https://bugzilla.samba.org/show_bug.cgi?id=13374
Acknowledgments: Name: Laurent Debomy, Andrej Gessel and Kai Blin (The samba project)
Created libldb tracking bugs for this issue: Affects: fedora-all [bug 1618613]
Statement: This flaw only affects libldb/samba when configured as Active Directory Domain Controller. Versions of samba in Red Hat Enterprise Linux 6 and 7 do not support this configuration and therefore are not affected by this flaw.
Upstream patches:
https://git.samba.org/?p=samba.git;a=commitdiff;h=0998f2f1bced019db4000ef4b55887abcb65f6d2
https://git.samba.org/?p=samba.git;a=commitdiff;h=3f95957d6de321c803a66f3ec67a8ff09befd16d
https://git.samba.org/?p=samba.git;a=commitdiff;h=3c1fbb18321f61df44d7b0f0c7452ae230960293
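
A triage check for the two conditions in the advisory and statement above (Samba 4.8.0 or later, configured as an Active Directory Domain Controller), as an added example that is not part of the original report or of Samba. The function names and sample inputs are constructed, the accepted `server role` spellings are an assumption based on smb.conf(5), and `include` files are not followed.

```python
import re

FIRST_AFFECTED = (4, 8, 0)  # "from 4.8.0 onwards", per the advisory text
# Assumption: spellings of the AD DC role accepted for "server role".
AD_DC_ROLES = {"active directory domain controller", "domain controller", "dc"}

def parse_version(banner):
    """Return (major, minor, patch) from text such as 'Version 4.8.3-Debian'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Samba version in %r" % banner)
    return tuple(int(g) for g in m.groups())

def server_role(conf_text):
    """Return the [global] 'server role' value, or 'auto' when it is unset."""
    section, role = None, "auto"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Parameter names ignore case and whitespace; later lines win.
            if re.sub(r"\s+", "", name).lower() == "serverrole":
                role = value.strip().lower()
    return role

def triage(banner, conf_text):
    """Combine both conditions; a numeric compare keeps 4.10 above 4.8."""
    version, role = parse_version(banner), server_role(conf_text)
    flagged = version >= FIRST_AFFECTED and role in AD_DC_ROLES
    return {"version": version, "role": role, "needs_patch_check": flagged}

# Constructed sample inputs: `smbd --version` style banner and an smb.conf.
SAMPLE_BANNER = "Version 4.8.3"
SAMPLE_CONF = """\
# constructed example
[global]
    workgroup = EXAMPLE
    Server  Role = Active Directory Domain Controller
[sysvol]
    path = /var/lib/samba/sysvol
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_CONF))
```

A flagged host still needs its package changelog compared against the upstream patches listed above, since this check cannot see backported fixes.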