ASA-2018-00056 – Samba: Unprivileged adding of CNAME record causing loop in AD Internal DNS server

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2018-00056

Identifier(s)

ASA-2018-00056, CVE-2018-14629

Title

Unprivileged adding of CNAME record causing loop in AD Internal DNS server

Vendor(s)

Samba

Product(s)

Samba

Affected version(s)

All versions of Samba from 4.0.0 onwards

Fixed version(s)

Samba 4.7.12, 4.8.7, and 4.9.3

Proof of concept

Unknown

Description

All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue.

Technical details

Unknown

Credits

Florian Stalpner

Reference(s)

Unprivileged adding of CNAME record causing loop in AD Internal DNS server
https://www.samba.org/samba/security/CVE-2018-14629.html

[SECURITY] CVE-2018-14629 CNAME loops in Samba AD DC DNS server
https://bugzilla.samba.org/show_bug.cgi?id=13600

[Announce] Samba 4.9.3, 4.8.7 and 4.7.12 Security Releases Available
https://lists.samba.org/archive/samba-announce/2018/000462.html

CVE-2018-14629 dns: CNAME loop prevention using counter
https://github.com/samba-team/samba/commit/97b426babaa2a812946c77bd841a33c1a9399ab5

CVE-2018-14629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14629

CVE-2018-14629
https://nvd.nist.gov/vuln/detail/CVE-2018-14629

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: December 4, 2018

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.