Bug 1764142 (CVE-2019-14847) - CVE-2019-14847 samba: samba AD DC LDAP denial of service via dirsync
Summary: CVE-2019-14847 samba: samba AD DC LDAP denial of service via dirsync
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-14847
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1766847
Blocks: 1763144
Reported: 2019-10-22 11:03 UTC by Siddharth Sharma
Modified: 2019-11-04 17:21 UTC (History)

Fixed In Version: samba 4.9.15, samba 4.10.10
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in samba versions 4.0.0 through 4.10.0. An attacker can crash the AD DC LDAP server via dirsync, resulting in denial of service. Privilege escalation is not possible with this issue.
Clone Of:
Environment:
Last Closed: 2019-10-30 06:51:15 UTC



Description Siddharth Sharma 2019-10-22 11:03:29 UTC
It was found that samba versions from 4.0.0 to 4.10.0 are vulnerable. An attacker can crash the AD DC LDAP server via dirsync, resulting in denial of service; privilege escalation is not possible with this issue.

Upstream bug: https://bugzilla.samba.org/show_bug.cgi?id=14040

Comment 2 Huzaifa S. Sidhpurwala 2019-10-23 06:17:42 UTC
Statement:

This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux because there is no support for samba as Active Directory Domain Controller.

Comment 5 Huzaifa S. Sidhpurwala 2019-10-23 11:33:45 UTC
Acknowledgments:

Name: the Samba project
Upstream: Adam Xu

Comment 6 Siddharth Sharma 2019-10-29 11:39:41 UTC
External References:

https://www.samba.org/samba/security/CVE-2019-14847.html

Comment 7 Huzaifa S. Sidhpurwala 2019-10-30 05:17:57 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1766847]

Comment 8 Product Security DevOps Team 2019-10-30 06:51:15 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14847

Comment 9 Eric Christensen 2019-11-04 17:21:13 UTC
Mitigation:

By default, the supported versions of Samba impacted by this issue run using the "standard" process model, which is unaffected. This is controlled by the -M or --model parameter to the samba binary. Unsupported Samba versions before Samba 4.7 use a single process for the LDAP server, and so are impacted. Samba 4.8, 4.9, and 4.10 are impacted if -M prefork or -M single is used. To mitigate this issue, select -M standard (the default).
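A constructed shell check for the mitigation note above (an added example, not from the bug report or the Samba project): given a Samba version and the command line of the running samba process, it applies the rules stated in the note and the Fixed In Version field. Assumptions: Samba 4.7 is judged by its process model like 4.8 to 4.10 (the note does not name it), and the model is read only from the spaced forms -M X, --model X and --model=X.

```shell
#!/bin/sh
# Constructed impact check for CVE-2019-14847 (added example, not project code).
# Assumption: Samba 4.7 is judged by its process model like 4.8-4.10.

# Usage: samba_dirsync_impact VERSION "COMMAND LINE OF THE samba PROCESS"
# Prints one of: unaffected, impacted
samba_dirsync_impact() {
    ver=$1
    cmdline=$2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # no third component given

    # Only Samba 4.x is in the affected range named in the report.
    [ "$major" -eq 4 ] || { echo unaffected; return 0; }

    # Fixed In Version: 4.9.15 and 4.10.10; later minors are outside the range.
    if [ "$minor" -eq 9 ] && [ "$patch" -ge 15 ]; then echo unaffected; return 0; fi
    if [ "$minor" -eq 10 ] && [ "$patch" -ge 10 ]; then echo unaffected; return 0; fi
    if [ "$minor" -gt 10 ]; then echo unaffected; return 0; fi

    # Before 4.7: a single LDAP server process, impacted regardless of flags.
    if [ "$minor" -lt 7 ]; then echo impacted; return 0; fi

    # 4.7-4.10: impacted only when -M prefork / -M single (or --model ...) is used;
    # the default "standard" model is unaffected.
    case " $cmdline " in
        *" -M prefork "*|*" -M single "*|*" --model=prefork "*|*" --model=single "*|*" --model prefork "*|*" --model single "*)
            echo impacted ;;
        *)
            echo unaffected ;;
    esac
}

# Example run on a constructed command line (the real one comes from `ps`):
samba_dirsync_impact 4.9.13 "samba -M prefork"
```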

