Bug 1646386 (CVE-2018-16852) - CVE-2018-16852 samba: NULL pointer de-reference in Samba AD DC DNS management server
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-16852
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1654092
Blocks: 1646387
Reported: 2018-11-05 13:43 UTC by Laura Pardo
Modified: 2021-02-16 22:49 UTC

Fixed In Version: samba 4.9.3
Doc Text:
A null pointer dereference flaw was found in the Samba DNS Management server when used as an Active Directory Domain Controller. A remote attacker could use this flaw to cause a denial of service (application crash).
Clone Of:
Environment:
Last Closed: 2018-11-28 07:32:38 UTC
Embargoed:


Description Laura Pardo 2018-11-05 13:43:00 UTC
A flaw was found in samba versions from 4.9.0. During the processing of a DNS zone in the DNS management DCE/RPC server, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. This could lead to a Denial of Service attack.

Comment 2 Sam Fowler 2018-11-28 02:57:27 UTC
External Reference:

https://www.samba.org/samba/security/CVE-2018-16852.html

Comment 3 Sam Fowler 2018-11-28 02:57:38 UTC
Acknowledgments:

Name: The Samba Team
Upstream: Fabrizio Faganello

Comment 4 Sam Fowler 2018-11-28 02:58:08 UTC
Created samba tracking bugs for this issue:

Affects: fedora-29 [bug 1654092]

Comment 5 Huzaifa S. Sidhpurwala 2018-11-28 07:32:54 UTC
Statement:

This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux because there is no support for samba as Active Directory Domain Controller.

