PT-2019-1768 · Samba+3

Garming Sam · Published 2019-02-01 · Updated 2024-06-15 · CVE-2019-3824

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Samba versions prior to 4.10

Description

A flaw in the LDAP search expression handling can cause the shared LDAP server process of a Samba AD DC to crash, leading to a denial of service. An authenticated user with read permissions on the LDAP server can exploit this issue. The vulnerability is related to a buffer overflow in the ldb wildcard compare function of the LDAP component, which can be exploited by a remote attacker to cause a denial of service.

Recommendations

For versions prior to 4.10, update to version 4.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the LDAP server to minimize the risk of exploitation. Avoid using the vulnerable ldb wildcard compare function until the issue is resolved.

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1460
ALT-PU-2019-1461
ALT-PU-2019-1549
BDU:2019-01412
CVE-2019-3824
DLA-1699-1
DSA-4397-1
ECHO-D32D-23E1-029D
MGASA-2019-0152
OPENSUSE-SU-2019:1163-1
OPENSUSE-SU-2019_1163-1
OPENSUSE-SU-2024:10911-1
OPENSUSE-SU-2024:11365-1
SUSE-SU-2019:0639-1
SUSE-SU-2019_0639-1
USN-3895-1

Affected Products

Alt Linux
Samba
Suse
Ubuntu