A denial of service vulnerability was discovered in Samba's LDAP server. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.
All versions of Samba from 4.0.0 onwards are vulnerable infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue.
Name: Andrew Bartlett (Catalyst and Samba Team)
Upstream: Florian Stülpner (HiperScan)
Samba 4 packages distributed with Red Hat Enterprise Linux are built without the AD DC functionality, where this flaw is present. These packages are not affected by this vulnerability.
Created samba tracking bugs for this issue:
Affects: fedora-all [bug 1654078]