PT-2019-5769 · Samba+3
Published 2019-12-10 · Updated 2024-06-25
CVE-2019-14861
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Samba versions 4.x.x before 4.9.17
Samba versions 4.10.x before 4.10.11
Samba versions 4.11.x before 4.11.3
Description
The issue is related to the dnsserver RPC pipe in Samba, which provides administrative facilities to modify DNS records and zones. When Samba acts as an AD DC, it stores DNS records in LDAP. The default permissions on the DNS partition allow creation of new records by authenticated users. If a DNS record is created that case-insensitively matches the name of the zone, it can confuse the ldb_qsort() and dns_name_compare() routines into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2(), leading to invalid memory being followed as a pointer. This can be exploited by a remote attacker to cause a denial of service.
Recommendations
For Samba versions 4.x.x before 4.9.17, update to version 4.9.17 or later.
For Samba versions 4.10.x before 4.10.11, update to version 4.10.11 or later.
For Samba versions 4.11.x before 4.11.3, update to version 4.11.3 or later.
As a temporary workaround, consider restricting access to the dnsserver RPC pipe to minimize the risk of exploitation.
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Samba
Suse
Ubuntu