It was found that Samba versions from 4.0.0 to 4.10.0 are vulnerable. An attacker can crash the AD DC LDAP server via dirsync, resulting in denial of service; privilege escalation is not possible with this issue. Upstream bug: https://bugzilla.samba.org/show_bug.cgi?id=14040
Statement: This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux because there is no support for samba as Active Directory Domain Controller.
Acknowledgments: Name: the Samba project; Upstream: Adam Xu
External References: https://www.samba.org/samba/security/CVE-2019-14847.html
Created samba tracking bugs for this issue: Affects: fedora-all [bug 1766847]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14847
Mitigation: By default, the supported versions of Samba impacted by this issue run using the "standard" process model, which is unaffected. This is controlled by the -M or --model parameter to the samba binary. Unsupported Samba versions before Samba 4.7 use a single process for the LDAP server, and so are impacted. Samba 4.8, 4.9, and 4.10 are impacted if -M prefork or -M single is used. To mitigate this issue, select -M standard (the default).
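One way to check a host against the mitigation text above, as an added example that is not part of the advisory or of Samba itself. The function names, the output labels and the accepted option spellings (-M x, -Mx, --model x, --model=x) are assumptions. It keys only on major.minor and the process model, since this page lists no fixed patch releases, and reports "unknown" for anything the text does not cover (4.7, for instance).

```shell
#!/bin/sh
# Added example: classify a samba invocation against the mitigation text.

# Print the process model selected on a samba command line (default: standard).
samba_model() {
    model=standard
    while [ $# -gt 0 ]; do
        case "$1" in
            -M|--model)
                if [ $# -ge 2 ]; then model=$2; shift; fi ;;
            --model=*) model=${1#--model=} ;;
            -M?*)      model=${1#-M} ;;
        esac
        shift
    done
    printf '%s\n' "$model"
}

# Usage: samba_dirsync_status VERSION samba-argv...
# Prints impacted, mitigated, or unknown (a case the page does not cover).
samba_dirsync_status() {
    ver=$1; shift
    case "$ver" in
        *.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major.$minor" in
        4.[0-6]) echo impacted; return 0 ;;   # single LDAP process before 4.7
        4.8|4.9|4.10) ;;                      # depends on the process model
        *) echo unknown; return 0 ;;
    esac
    case "$(samba_model "$@")" in
        prefork|single) echo impacted ;;
        standard)       echo mitigated ;;
        *)              echo unknown ;;
    esac
}

# Constructed sample invocations (not taken from the advisory).
samba_dirsync_status 4.9.3  /usr/sbin/samba -D
samba_dirsync_status 4.10.0 /usr/sbin/samba -D -M prefork
samba_dirsync_status 4.5.16 /usr/sbin/samba -D --model=standard
```

On a running AD DC, the version and the argument vector of the samba process would be supplied in place of the constructed samples.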