PT-2019-4766 · Samba+3

Adam Xu · Published 2019-10-29 · Updated 2024-06-15 · CVE-2019-14847

CVSS v2.0: 6.8 Medium
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

samba versions 4.0.0 through 4.9.14
samba versions 4.10.x through 4.10.9

Description

A flaw in the samba software allows an attacker to crash the AD DC LDAP server via dirsync, resulting in denial of service. The issue is related to a null pointer dereference in the LDAP dirsync component. Privilege escalation is not possible with this issue. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations

For samba versions 4.0.0 through 4.9.14, update to version 4.9.15 or later.
For samba versions 4.10.x through 4.10.9, update to version 4.10.10 or later.
As a temporary workaround, consider restricting access to the dirsync component to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2019-3063
ALT-PU-2019-3067
BDU:2020-01338
CVE-2019-14847
DLA-2668-1
DLA-3563-1
ECHO-AFC5-D60F-8677
MGASA-2019-0397
OPENSUSE-SU-2019:2442-1
OPENSUSE-SU-2019:2458-1
OPENSUSE-SU-2019_2442-1
OPENSUSE-SU-2019_2458-1
OPENSUSE-SU-2024:11365-1
SUSE-SU-2019:2866-1
SUSE-SU-2019:2868-1
SUSE-SU-2019_2866-1
SUSE-SU-2019_2868-1
SUSE-SU-2020:2673-1
SUSE-SU-2020_2673-1
USN-4167-1
USN-4167-2

Affected Products

Alt Linux
Samba
Suse
Ubuntu