Fabrizio Faganello

Name of the Vulnerable Software and Affected Versions: Samba versions 4.9.0 through 4.9.3 Description: The issue is related to a NULL pointer de-reference in the DNS zone processing component of the Samba server. This occurs when the `DSPROPERTY ZONE MASTER SERVERS` property or `DSPROPERTY ZONE SCAVENGING SERVERS` property is set during the processing of a DNS zone in the DNS management DCE/RPC server, the internal DNS server, or the Samba DLZ plugin for BIND9. The server will follow a NULL pointer and terminate, resulting in a denial of service. There is no further vulnerability associated with this issue. Recommendations: For Samba versions 4.9.0 through 4.9.3, update to a version newer than 4.9.3 to resolve the issue. As a temporary workaround, consider avoiding the use of the `DSPROPERTY ZONE MASTER SERVERS` and `DSPROPERTY ZONE SCAVENGING SERVERS` properties until a patch is available.