Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Samba | Samba | 4.9.0 (including) | 4.9.9 (excluding) |
| Samba | Samba | 4.10.0 (including) | 4.10.5 (excluding) |
| Samba | Ubuntu | devel | * |
| Samba | Ubuntu | disco | * |
| Samba | Ubuntu | trusty | * |
| Samba | Ubuntu | upstream | * |
Potential Mitigations
References
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00023.html
- http://www.securityfocus.com/bid/108825
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSG3TLPZP35RH5DWAIDC7MHXRK5DFKOE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/
- https://usn.ubuntu.com/4018-1/
- https://www.samba.org/samba/security/CVE-2019-12435.html
- https://www.synology.com/security/advisory/Synology_SA_19_27
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00023.html
- http://www.securityfocus.com/bid/108825
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSG3TLPZP35RH5DWAIDC7MHXRK5DFKOE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/
- https://usn.ubuntu.com/4018-1/
- https://www.samba.org/samba/security/CVE-2019-12435.html
- https://www.synology.com/security/advisory/Synology_SA_19_27