PT-2018-3373 · Isc+3 · Bind 9+2

Fabrizio Faganello · Published 2018-08-22 · Updated 2024-06-15 · CVE-2018-16852

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Samba versions 4.9.0 through 4.9.3
Description: The issue is a NULL pointer dereference in the DNS zone processing component of the Samba server. It occurs when the DSPROPERTY_ZONE_MASTER_SERVERS property or the DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set during the processing of a DNS zone in the DNS management DCE/RPC server, the internal DNS server, or the Samba DLZ plugin for BIND9. The server follows a NULL pointer and terminates, resulting in a denial of service. There is no further vulnerability associated with this issue.
Recommendations: For Samba versions 4.9.0 through 4.9.3, update to a version newer than 4.9.3 to resolve the issue. As a temporary workaround, consider avoiding the use of the DSPROPERTY_ZONE_MASTER_SERVERS and DSPROPERTY_ZONE_SCAVENGING_SERVERS properties until a patch is available.

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2743
ALT-PU-2018-2744
BDU:2020-00695
CVE-2018-16852
ECHO-1023-88CA-E2E1
OPENSUSE-SU-2024:11365-1

Affected Products

Alt Linux
Bind 9
Samba