Samba 4.0.0 before Samba 4.9.15 NULL Pointer Dereference Vulnerability

Summary

Since Samba 4.0.0, Samba has implemented, in the AD DC, the “dirsync” LDAP control specified in MS-ADTS “3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID”. However, when combined with the ranged results feature specified in MS-ADTS “3.1.1.3.1.3.3 Range Retrieval of Attribute Values”, a NULL pointer can be dereferenced. This is a Denial of Service only; no further escalation of privilege is associated with this issue. Samba 4.11 is not affected, as the issue was fixed as a result of Coverity static analysis before the potential for denial of service became apparent.

 

 

Credit:

The information has been provided by Adam Xu

The original article can be found at: https://www.samba.org/samba/security/CVE-2019-14847.html

 


Details

A flaw was found in Samba 4.0.0 before 4.9.15 and Samba 4.10.x before 4.10.10. An attacker can crash the AD DC LDAP server via dirsync, resulting in a denial of service. Privilege escalation is not possible with this issue.

 

Vulnerable Systems:

Samba 4.0.0 before Samba 4.9.15

Samba 4.10.x before 4.10.10
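
To triage a fleet against the ranges listed above, the following added example (not part of the original advisory or of Samba) classifies version strings of the kind printed by `smbd --version`. The host names, the inventory rows and the `is_ad_dc` flag are constructed assumptions; the version bounds are the ones stated on this page.

```python
import re

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Version 4.9.5-Debian'."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.groups())

def classify(version_text, is_ad_dc=True):
    """Return 'affected', 'not-affected' or 'not-ad-dc' for CVE-2019-14847."""
    if not is_ad_dc:
        return "not-ad-dc"  # the advisory places the dirsync control in the AD DC
    version = parse_version(version_text)
    # Before 4.0.0 the control was not implemented. 4.11 is listed as not
    # affected; later series are assumed here to carry the same fix.
    if version < (4, 0, 0) or version >= (4, 11, 0):
        return "not-affected"
    if version[:2] == (4, 10):
        return "affected" if version < (4, 10, 10) else "not-affected"
    # Everything from 4.0.0 up to the 4.9 series is fixed in 4.9.15.
    return "affected" if version < (4, 9, 15) else "not-affected"

def triage(inventory):
    """Map host -> status for rows of (host, version_text, is_ad_dc)."""
    return {host: classify(ver, dc) for host, ver, dc in inventory}

# Constructed sample inventory with hypothetical hosts, not data from the advisory.
SAMPLE = [
    ("dc1", "Version 4.9.5-Debian", True),
    ("dc2", "Version 4.10.10", True),
    ("dc3", "Version 4.10.2", True),
    ("dc4", "Version 4.11.0", True),
    ("fs1", "Version 4.7.6-Ubuntu", False),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Distribution packages can backport a fix without changing the upstream version number, so an "affected" result for a vendor build should be confirmed against that vendor's own advisory.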

 

CVE Information:

CVE-2019-14847

 

Disclosure Timeline:
Published Date: 11/6/2019