A missing input sanitization flaw was found in the implementation of the LDB database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a Samba server used as an Active Directory Domain Controller.
As per upstream advisory:
All versions of Samba from 4.8.0 onwards are vulnerable to a denial of service attack when Samba is an Active Directory Domain Controller.
Missing input sanitization checks on some of the input parameters to LDB database layer cause the LDAP server and DNS server to crash when following a NULL pointer.
There is no further vulnerability associated with this error, merely a denial of service.
Name: Laurent Debomy, Andrej Gessel and Kai Blin (The samba project)
Created libldb tracking bugs for this issue:
Affects: fedora-all [bug 1618613]
This flaw only affects libldb/Samba when configured as an Active Directory Domain Controller. Versions of Samba in Red Hat Enterprise Linux 6 and 7 do not support this configuration and therefore are not affected by this flaw.
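The two applicability conditions stated above (Samba 4.8.0 or later, running as an Active Directory Domain Controller) can be checked from a host's `smb.conf` and version banner. The following is an added triage example, not code from the advisory or from Samba. The function names, the sample inputs and the short role synonyms are assumptions, and a `True` result means "in scope", not "confirmed vulnerable", because this page does not list fixed releases.

```python
import re

# AD DC spellings of "server role"; the two short synonyms are an assumption.
AD_DC_ROLES = {"active directory domain controller", "domain controller", "dc"}
FIRST_AFFECTED = (4, 8, 0)  # advisory text: "4.8.0 onwards"

# Constructed sample inputs (not taken from any real host).
SAMPLE_DC = """\
[global]
    workgroup = EXAMPLE
    Server Role = Active Directory  Domain Controller
[netlogon]
    read only = no
"""
SAMPLE_FILESERVER = """\
[global]
    ; server role = active directory domain controller
    server role = member server
"""


def server_role(smb_conf):
    """Return the 'server role' set in [global], or 'auto' when unset.
    Does not follow 'include' directives or continuation lines."""
    section, role = None, "auto"
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names ignore case and whitespace.
            if "".join(key.lower().split()) == "serverrole":
                role = " ".join(value.lower().split())
    return role


def parse_version(banner):
    """Extract (major, minor, patch) from text such as 'Version 4.8.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no Samba version found in {banner!r}")
    return tuple(int(g) for g in m.groups())


def in_scope(smb_conf, version_banner):
    """True when the host is an AD DC running Samba 4.8.0 or later."""
    return (server_role(smb_conf) in AD_DC_ROLES
            and parse_version(version_banner) >= FIRST_AFFECTED)
```

Feed it the contents of the host's `smb.conf` and the output of `smbd --version`; hosts that come back in scope still need their package changelog checked for the fix.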