PT-2019-5407 · Samba+2 · Samba+2

Publicado

2019-06-19

Atualizado

2024-06-15

CVE-2019-12436

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Samba versions 4.10.x through 4.10.4

Description The issue is related to a NULL pointer dereference error, which can be exploited by a remote attacker to cause a Denial of Service (DoS) on the AD DC LDAP server. The attacker must have directory read access to attempt an exploit. This can be achieved by using the paged search control.

Recommendations For Samba versions 4.10.x through 4.10.4, update to version 4.10.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the directory read functionality to minimize the risk of exploitation.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2019-2360

ALT-PU-2019-2492

BDU:2020-02775

CVE-2019-12436

MGASA-2019-0286

OPENSUSE-SU-2024:11365-1

USN-4018-1

Produtos afetados

Alt Linux

Samba

Ubuntu

PT-2019-5407 · Samba+2 · Samba+2

CVE-2019-12436

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 98