Samba 4.0.0 before samba 4.9.15 NULL Pointer Dereference Vulnerability
Since Samba 4.0.0, Samba has implemented, in the AD DC, the “dirsync” LDAP control specified in MS-ADTS “3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID”. However, when combined with the ranged results feature specified in MS-ADTS “3.1.1.3.1.3.3 Range Retrieval of Attribute Values”, a NULL pointer can be dereferenced. This is a Denial of Service only; no further escalation of privilege is associated with this issue. Samba 4.11 is not affected, as the issue was fixed as a result of Coverity static analysis before the potential for denial of service became apparent.
The information has been provided by Adam Xu
The original article can be found at: https://www.samba.org/samba/security/CVE-2019-14847.html
A flaw was found in Samba 4.0.0 before Samba 4.9.15 and Samba 4.10.x before 4.10.10. An attacker can crash the AD DC LDAP server via dirsync, resulting in a denial of service. Privilege escalation is not possible with this issue.
Samba 4.0.0 before samba 4.9.15
Samba 4.10.x before 4.10.10
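To triage an inventory against the affected ranges listed above, the following is an added example, not code from the Samba project or the advisory. It assumes version strings in the style printed by `samba --version`; the host names, the inventory layout and the `is_ad_dc` flag are hypothetical.

```python
import re

# Fixed releases as stated in the advisory: 4.9.15 and 4.10.10; 4.11 is not affected.
FIXED_IN_4_9 = (4, 9, 15)
FIXED_IN_4_10 = (4, 10, 10)

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Version 4.9.5-Debian'; None if absent."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(text):
    """True/False for an upstream version string, None when it cannot be parsed."""
    v = parse_version(text)
    if v is None:
        return None
    if v < (4, 0, 0):
        return False  # the AD DC dirsync control exists only since 4.0.0
    if v[:2] == (4, 10):
        return v < FIXED_IN_4_10
    if v[:2] >= (4, 11):
        return False
    return v < FIXED_IN_4_9

def triage(inventory):
    """Return (host, status) for AD DCs that are affected or need manual review."""
    findings = []
    for host, version_output, is_ad_dc in inventory:
        if not is_ad_dc:
            continue  # the flaw is in the AD DC LDAP server only
        verdict = is_affected(version_output)
        if verdict is None:
            findings.append((host, "review"))
        elif verdict:
            findings.append((host, "affected"))
    return findings

# Constructed sample inventory (hypothetical hosts and values)
SAMPLE_INVENTORY = [
    ("dc1.example.test", "Version 4.9.5-Debian", True),
    ("dc2.example.test", "Version 4.10.10", True),
    ("dc3.example.test", "Version 4.10.3", True),
    ("fs1.example.test", "Version 4.9.5-Debian", False),
    ("dc4.example.test", "unknown", True),
    ("dc5.example.test", "Version 4.11.0", True),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(host, status)
```

The check compares upstream version numbers only; a distribution package may carry a backported fix under an older version number, so confirm flagged hosts against the vendor's changelog.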