PT-2018-2504 · Samba+3 · Samba+3

Florian Stã¼Lpner

Published

2018-09-03

Updated

2024-06-15

CVE-2018-14629

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.7.12 Samba versions prior to 4.8.7 Samba versions prior to 4.9.3

Description The issue is related to an error in handling requests containing CNAME loop records in the Samba package's network interaction software. This can be exploited by a remote attacker to cause infinite recursion on the server, resulting in a denial of service. An unprivileged local attacker could create such an entry, leading to denial of service.

Recommendations For versions prior to 4.7.12, update to version 4.7.12 or later. For versions prior to 4.8.7, update to version 4.8.7 or later. For versions prior to 4.9.3, update to version 4.9.3 or later.

Exploit

Fix

DoS

Infinite Loop

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835CWE-400

Related Identifiers

ALT-PU-2018-2743

ALT-PU-2018-2744

ALT-PU-2018-2950

ALT-PU-2018-2951

BDU:2019-00874

CVE-2018-14629

DLA-1607-1

DSA-4345-1

ECHO-F786-8320-5449

MGASA-2019-0011

OPENSUSE-SU-2024:11365-1

SUSE-SU-2018:4066-1

SUSE-SU-2018_4066-1

USN-3827-1

USN-3827-2

Affected Products

Alt Linux

Samba

Suse

Ubuntu

PT-2018-2504 · Samba+3 · Samba+3

CVE-2018-14629

Weakness Enumeration

Related Identifiers

Affected Products

References · 124