PT-2018-2509 · Samba+3 · Samba+3

Garming Sam

Publicado

2018-11-20

Atualizado

2024-06-15

CVE-2018-16851

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Samba versions 4.0.0 through 4.7.11 Samba versions 4.8.0 through 4.8.6 Samba versions 4.9.0 through 4.9.2

Description The issue is related to a denial of service in Samba's LDAP search functionality. It occurs when the maximum size of cached search results, which is 256MB, is reached, causing the Samba process to follow a NULL pointer and terminate. This can be exploited by a remote attacker to cause a denial of service.

Recommendations For Samba versions 4.0.0 through 4.7.11, update to version 4.7.12 or later. For Samba versions 4.8.0 through 4.8.6, update to version 4.8.7 or later. For Samba versions 4.9.0 through 4.9.2, update to version 4.9.3 or later.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2018-2743

ALT-PU-2018-2744

BDU:2019-00879

CVE-2018-16851

DLA-1607-1

DSA-4345-1

ECHO-C8C0-89CD-58D0

MGASA-2019-0011

OPENSUSE-SU-2024:11365-1

SUSE-SU-2018:4066-1

USN-3827-1

USN-3827-2

Produtos afetados

Alt Linux

Samba

Suse

Ubuntu

PT-2018-2509 · Samba+3 · Samba+3

CVE-2018-16851

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 123