- The first vulnerability impacts Samba versions 4.9 and 4.10, while the other vulnerability impacts all versions of Samba from v4.10 onwards.
- The Samba team has released security updates to patch the vulnerabilities in the latest versions 4.9.9 and 4.10.5.
Samba Team releases security updates to patch two vulnerabilities. The first vulnerability impacts Samba versions 4.9 and 4.10, while the other vulnerability impacts all versions of Samba from v4.10 onwards.
The first vulnerability
- The first flaw tracked as CVE-2019-12435 is a Denial-of-Service (DoS) vulnerability.
- The vulnerability resides in the DNS management server (DNS server) allowing an attacker to gain administrative privileges to modify DNS records.
- This allows an authenticated user to crash the Samba AD DC’s RPC server process via a NULL pointer de-reference.
Samba Team has released security updates to patch the vulnerability in the latest versions 4.9.9 and 4.10.5. Samba administrators are advised to update the latest versions.
The second vulnerability
- The second vulnerability tracked as CVE-2019-12436 could allow an authenticated user to crash the LDAP server process via a NULL pointer dereference using the paged search control.
- However, to exploit this vulnerability, the user should have read access to the LDAP server.
- This vulnerability has been patched in the Samba version 4.10.5.
“Specifically, while in Samba 4.10 the default is for one process per connected client, site-specific configuration trigger can change this. Samba 4.10 also supports the 'prefork' process model and by using the -M option to 'samba' and a 'single' process model. Both of these share on process between multiple clients,” the advisory read.