Bug 1625449 (CVE-2018-14629) - CVE-2018-14629 samba: Unprivileged adding of CNAME record causing loop in AD LDAP server
Status: NEW
Alias: CVE-2018-14629
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20181120,repor...
Keywords: Security
Depends On: 1654078
Blocks: 1625448
 
Reported: 2018-09-05 00:46 UTC by Sam Fowler
Modified: 2018-11-28 04:22 UTC (History)

A denial of service vulnerability was discovered in Samba's LDAP server.  A CNAME loop could lead to infinite recursion in the server.  An unprivileged local attacker could create such an entry, leading to denial of service.

Description Sam Fowler 2018-09-05 00:46:03 UTC
All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops.  Any DNS record can be added via LDAP by an unprivileged user using the ldbadd tool, so this is a security issue.
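
One way to keep CNAME chasing from recursing forever on a looped record, and to audit a record set for such loops. This is an added example, not Samba's code or its upstream fix; the record layout, the `example.test` names, and the hop cap of 8 are assumptions.

```python
MAX_CNAME_HOPS = 8  # assumed cap for this sketch, not a value from Samba

class CnameLoop(Exception):
    """A CNAME chain revisited a name or exceeded the hop cap."""

def norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

def resolve(records, qname, max_hops=MAX_CNAME_HOPS):
    """Follow CNAMEs iteratively; return (final_name, A-record list)."""
    seen, name = [], norm(qname)
    while True:
        if name in seen:
            raise CnameLoop(" -> ".join(seen + [name]))
        if len(seen) >= max_hops:
            raise CnameLoop("more than %d hops from %s" % (max_hops, norm(qname)))
        seen.append(name)
        rrset = records.get(name, {})
        if "CNAME" not in rrset:
            return name, rrset.get("A", [])
        name = norm(rrset["CNAME"])

def audit_zone(records):
    """Return sorted names whose CNAME chain never terminates."""
    bad = []
    for name, rrset in records.items():
        if "CNAME" in rrset:
            try:
                resolve(records, name)
            except CnameLoop:
                bad.append(name)
    return sorted(bad)

# Constructed sample zone (placeholder names, not taken from the bug report).
ZONE = {
    "www.example.test": {"CNAME": "web.example.test."},
    "web.example.test": {"A": ["192.0.2.10"]},
    "loop-a.example.test": {"CNAME": "loop-b.example.test"},
    "loop-b.example.test": {"CNAME": "LOOP-A.example.test"},
    "self.example.test": {"CNAME": "self.example.test"},
    "alias.example.test": {"CNAME": "loop-a.example.test"},
}

if __name__ == "__main__":
    print(audit_zone(ZONE))
```

The audit flags both members of a loop, a self-referencing record, and any alias that merely points into a loop, since a query for any of them would never terminate without the guard.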

Comment 1 Sam Fowler 2018-09-05 00:46:05 UTC
Acknowledgments:

Name: Andrew Bartlett (Catalyst and Samba Team)
Upstream: Florian Stülpner (HiperScan)

Comment 2 Doran Moppert 2018-09-05 04:17:04 UTC
Upstream bug:

https://bugzilla.samba.org/show_bug.cgi?id=13600

Comment 3 Doran Moppert 2018-09-05 04:17:14 UTC
Statement:

Samba 4 packages distributed with Red Hat Enterprise Linux are built without the AD DC functionality, where this flaw is present.  These packages are not affected by this vulnerability.

Comment 4 Sam Fowler 2018-11-28 01:51:03 UTC
External Reference:

https://www.samba.org/samba/security/CVE-2018-14629.html

Comment 5 Sam Fowler 2018-11-28 01:51:37 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1654078]

