As per upstream advisory:
Some DNS records (such as MX and NS records) usually contain data in the additional section. Samba's dnsserver RPC pipe (which is an administrative interface not used in the DNS server itself) made an error in handling the case where there are no records present: instead of noticing the lack of records, it dereferenced uninitialised memory, causing the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay,
but it is easy for an authenticated non-admin attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
Name: the Samba project
Upstream: Francis Brosnan Blázquez (ASPL.es)
The dnsserver task can be stopped by setting
'dcerpc endpoint servers = -dnsserver'
in the smb.conf and restarting Samba.
Created samba tracking bugs for this issue:
Affects: fedora-all [bug 1892640]
This issue does not affect the version of samba as shipped with Red Hat Enterprise Linux 6, 7, 8 and Red Hat Gluster Storage 3 as it does not include support for Active Directory Domain Controller.