Bug 1671845 (CVE-2019-3824) - CVE-2019-3824 samba: Out of bound read in ldb_wildcard_compare in Samba AD DC
Summary: CVE-2019-3824 samba: Out of bound read in ldb_wildcard_compare in Samba AD DC
Status: CLOSED NOTABUG
Alias: CVE-2019-3824
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20190225,repor...
Keywords: Security
Depends On: 1683909
Blocks: 1671846
TreeView+ depends on / blocked
 
Reported: 2019-02-01 20:45 UTC by Laura Pardo
Modified: 2019-02-28 05:54 UTC (History)
23 users (show)

Fixed In Version: samba 4.10
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-02-28 05:54:26 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Laura Pardo 2019-02-01 20:45:26 UTC
A flaw was found in the way an authenticated user with read permission on the LDAP server could crash the shared LDAP server process of the Samba AD DC, by using specially crafted search expressions like "cn=test*multi*test*multi"

Note that in Samba 4.7 and later, the default is not to have a shared LDAP process, unless -M prefork or -M single is specified on the command line to 'samba'.

Comment 1 Laura Pardo 2019-02-01 20:53:38 UTC
Acknowledgments:

Name: the Samba project

Comment 4 Eric Christensen 2019-02-18 14:21:40 UTC
Statement:

The versions of samba packages shipped with Red Hat Enterprise Linux 5, 6, and 7 do not support Active Directory Domain Controller mode, therefore are not affected by this flaw.
This issue did not affect the version of samba as shipped with 'Red Hat Gluster Storage 3' as they did not include support for Active Directory Domain Controller.

Comment 5 Huzaifa S. Sidhpurwala 2019-02-28 05:31:36 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1683909]

Comment 7 Huzaifa S. Sidhpurwala 2019-02-28 05:53:13 UTC
External References:

https://bugzilla.samba.org/show_bug.cgi?id=13773


Note You need to log in before you can comment on or make changes to this bug.