PT-2019-4766 · Samba+3 · Samba+3

Adam Xu

Publicado

2019-10-29

Atualizado

2024-06-15

CVE-2019-14847

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions samba versions 4.0.0 through 4.9.14 samba versions 4.10.x through 4.10.9

Description A flaw in the samba software allows an attacker to crash the AD DC LDAP server via dirsync, resulting in denial of service. The issue is related to a null pointer dereference in the LDAP dirsync component. Privilege escalation is not possible with this issue. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For samba versions 4.0.0 through 4.9.14, update to version 4.9.15 or later. For samba versions 4.10.x through 4.10.9, update to version 4.10.10 or later. As a temporary workaround, consider restricting access to the dirsync component to minimize the risk of exploitation.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2019-3063

ALT-PU-2019-3067

BDU:2020-01338

CVE-2019-14847

DLA-2668-1

DLA-3563-1

ECHO-AFC5-D60F-8677

MGASA-2019-0397

OPENSUSE-SU-2019:2442-1

OPENSUSE-SU-2019:2458-1

OPENSUSE-SU-2019_2442-1

OPENSUSE-SU-2019_2458-1

OPENSUSE-SU-2024:11365-1

SUSE-SU-2019:2866-1

SUSE-SU-2019:2868-1

SUSE-SU-2019_2866-1

SUSE-SU-2019_2868-1

SUSE-SU-2020:2673-1

SUSE-SU-2020_2673-1

USN-4167-1

USN-4167-2

Produtos afetados

Alt Linux

Samba

Suse

Ubuntu

PT-2019-4766 · Samba+3 · Samba+3

CVE-2019-14847

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 140