Bug #9707

Bug #9705: samba: Multiple vulnerabilities (CVE-2018-14629, CVE-2018-16841, CVE-2018-16851)

[3.8] samba: Multiple vulnerabilities (CVE-2018-14629, CVE-2018-16841, CVE-2018-16851)

Added by Alicha CH 7 months ago. Updated 4 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 11/28/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs: CVE-2018-14629, CVE-2018-16841, CVE-2018-16851

Description

CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server

All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any DNS record can be added via
LDAP by an unprivileged user using the ldbadd tool, so this is a
security issue.

Fixed In Version:

Samba 4.7.12, 4.8.7, and 4.9.3

References:

https://www.samba.org/samba/security/CVE-2018-14629.html
https://www.samba.org/samba/history/security.html

CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT

A flaw was found in Samba versions from 4.3.0. When configured to accept smart-card authentication, Samba's KDC
will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate. This could result in a Denial of Service attack.

Fixed In Version:

Samba 4.7.12, 4.8.7 and 4.9.3

References:

https://www.samba.org/samba/security/CVE-2018-16841.html
https://www.samba.org/samba/history/security.html

CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server

A flaw was found in Samba versions from 4.0.0. During the processing of an LDAP search before Samba's AD DC returns the LDAP
entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the
Samba process providing the LDAP service will follow the NULL pointer, terminating the process. This can lead to a denial of service attack.

Fixed In Version:

Samba 4.7.12, 4.8.7 and 4.9.3

References:

https://www.samba.org/samba/security/CVE-2018-16851.html
https://www.samba.org/samba/history/security.html
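
The CNAME loop condition described for CVE-2018-14629, as an added example that is not part of the original report and is not Samba's code: an audit over a set of CNAME records that reports loops, plus a chain follower that stops at a hop limit instead of recursing forever. The zone data, the function names and the 8-hop limit are assumptions made for illustration.

```python
"""Audit CNAME records for loops and follow chains with a hop limit."""

# Constructed sample zone: owner name -> CNAME target (hypothetical names).
SAMPLE_ZONE = {
    "www.example.test.": "web.example.test.",
    "web.example.test.": "host1.example.test.",  # chain ends at a non-CNAME name
    "a.example.test.": "b.example.test.",
    "b.example.test.": "c.example.test.",
    "c.example.test.": "a.example.test.",        # three-record loop
    "self.example.test.": "self.example.test.",  # record pointing at itself
}


def normalize(name):
    """DNS names compare case-insensitively; use lower-case FQDN form."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def find_cname_loops(zone):
    """Return each distinct CNAME cycle as a list of names in chain order."""
    cnames = {normalize(k): normalize(v) for k, v in zone.items()}
    loops, done = [], set()
    for start in sorted(cnames):
        path, index = [], {}
        name = start
        # Walk until the chain ends, rejoins an audited chain, or revisits
        # a name seen earlier in this same walk (which is a loop).
        while name in cnames and name not in done and name not in index:
            index[name] = len(path)
            path.append(name)
            name = cnames[name]
        if name in index:
            loops.append(path[index[name]:])
        done.update(path)
    return loops


def resolve_cname(name, zone, max_hops=8):
    """Follow a CNAME chain; fail after max_hops (assumed limit) hops."""
    cnames = {normalize(k): normalize(v) for k, v in zone.items()}
    name = normalize(name)
    for _ in range(max_hops):
        if name not in cnames:
            return name
        name = cnames[name]
    raise RecursionError(f"CNAME chain exceeds {max_hops} hops at {name}")
```

Running find_cname_loops over an export of the zone's CNAME records shows whether looping records are already present, which is useful to check on servers that have not yet been upgraded to a fixed version.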

History

#1 Updated by Natanael Copa 6 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 4 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
