ASA-2018-00058 – Samba: NULL pointer de-reference in Samba AD DC LDAP server


Allele Security Alert

ASA-2018-00058

Identifier(s)

ASA-2018-00058, CVE-2018-16851

Title

NULL pointer de-reference in Samba AD DC LDAP server

Vendor(s)

Samba

Product(s)

Samba

Affected version(s)

All versions of Samba from 4.0.0 onwards

Fixed version(s)

Samba 4.7.12, 4.8.7 and 4.9.3

Proof of concept

Unknown

Description

During the processing of an LDAP search, before Samba’s AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service dereferences a NULL pointer, which terminates the process.
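
The failure mode described above, as an added illustration that is not Samba's code and not part of the original alert: a size-capped buffer whose append can fail and leave a NULL data pointer, with the unchecked and checked call orders side by side. All names, the 64-byte cap standing in for 256MB, and the free-on-failure behaviour are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#define REPLY_CAP 64 /* assumed stand-in for the 256MB limit */

struct blob { unsigned char *data; size_t length; };

/* Append n bytes; on failure the blob is freed and data left NULL (assumed). */
bool blob_append(struct blob *b, const void *src, size_t n)
{
    unsigned char *p = NULL;
    if (n != 0 && n <= REPLY_CAP - b->length)
        p = realloc(b->data, b->length + n);
    if (p == NULL) {
        free(b->data);
        *b = (struct blob){ NULL, 0 };
        return false;
    }
    memcpy(p + b->length, src, n);
    b->data = p;
    b->length += n;
    return true;
}

/* Unchecked order: touches reply->data before looking at ret. */
bool queue_entry_unchecked(struct blob *reply, const void *e, size_t n)
{
    bool ret = blob_append(reply, e, n);
    reply->data[0] |= 0x80; /* NULL dereference once the cap is hit */
    return ret;
}

/* Checked order: test ret first so the request fails cleanly. */
bool queue_entry_checked(struct blob *reply, const void *e, size_t n)
{
    if (!blob_append(reply, e, n))
        return false;
    reply->data[0] |= 0x80;
    return true;
}

/* Queue constructed 16-byte entries until the cap rejects one. */
int entries_before_limit(void)
{
    struct blob reply = { NULL, 0 };
    unsigned char entry[16] = { 0 };
    int count = 0;
    while (queue_entry_checked(&reply, entry, sizeof(entry)))
        count++;
    return reply.data == NULL ? count : -1;
}
```

With the checked order, the fifth 16-byte entry is rejected and the caller gets an error to report instead of the process terminating.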

Technical details

Unknown

Credits

Garming Sam of the Samba Team and Catalyst

Reference(s)

NULL pointer de-reference in Samba AD DC LDAP server
https://www.samba.org/samba/security/CVE-2018-16851.html

[Announce] Samba 4.9.3, 4.8.7 and 4.7.12 Security Releases Available
https://lists.samba.org/archive/samba-announce/2018/000462.html

CVE-2018-16851 ldap_server: Check ret before manipulating blob
https://github.com/samba-team/samba/commit/d2c98abde12d11d64cc62697f633fc5db75502ef

[SECURITY] CVE-2018-16851 NULL pointer de-reference in Samba AD DC LDAP server
https://bugzilla.samba.org/show_bug.cgi?id=13674

CVE-2018-16851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16851

CVE-2018-16851
https://nvd.nist.gov/vuln/detail/CVE-2018-16851

Last modified: December 4, 2018