ASA-2019-00119 – Samba: Out-of-bounds read in ldb_wildcard_compare()

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00119

Identifier(s)

ASA-2019-00119, CVE-2019-3824

Title

Out-of-bounds read in ldb_wildcard_compare()

Vendor(s)

The Samba Project

Product(s)

Samba

Affected version(s)

Samba 4.9 and earlier

Fixed version(s)

Samba 4.9.5

Proof of concept

Unknown

Description

A user with read permission on the LDAP server can crash the shared LDAP server process of the Samba AD DC.

By using a search expression like (cn=test*multi*test*multi) an authenticated user can crash the shared LDAP process of the AD DC.

Note that in Samba 4.7 and later, the default is not to have a shared LDAP process, unless -M prefork or -M single is specified on the command line to ‘samba’.

Technical details

Unknown

Credits

Garming Sam (Catalyst)

Reference(s)

Bug 13773 – (CVE-2019-3824) CVE-2019-3824 [SECURITY] ldb: Out of bound read in ldb_wildcard_compare
https://bugzilla.samba.org/show_bug.cgi?id=13773

ldb: Out of bound read in ldb_wildcard_compare
https://attachments.samba.org/attachment.cgi?id=14819

[PATCH] ldb: Out ouf bound read in ldb_wildcard_compare
https://lists.samba.org/archive/samba-technical/2019-January/132068.html

CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare
https://github.com/samba-team/samba/commit/3674b0891afb016c83763520b87e9f190dcfe884#diff-7cb72b8290ee6817ac5657e493d06061

CVE-2019-3824 ldb: wildcard_match end of data check
https://github.com/samba-team/samba/commit/42f0f57eb819ce6b68a8c5b3b53123b83ec917e3#diff-7cb72b8290ee6817ac5657e493d06061

CVE-2019-3824 ldb: wildcard_match check tree operation
https://github.com/samba-team/samba/commit/34383981a0c40860f71a4451ff8fd752e1b67666#diff-7cb72b8290ee6817ac5657e493d06061

CVE-2019-3824 ldb: Improve code style and layout in wildcard processing
https://github.com/samba-team/samba/commit/9427806f7298d71bd7edfbdda7506ec63f15dda1#diff-7cb72b8290ee6817ac5657e493d06061

CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing
https://github.com/samba-team/samba/commit/745b99fc6b75db33cdb0a58df1a3f2a5063bc76e#diff-7cb72b8290ee6817ac5657e493d06061

Bug 1671845 (CVE-2019-3824) – CVE-2019-3824 samba: Out of bound read in ldb_wildcard_compare in Samba AD DC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3824

Samba 4.9.5 – Release Notes
https://www.samba.org/samba/history/samba-4.9.5.html

CVE-2019-3824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3824

CVE-2019-3824
https://nvd.nist.gov/vuln/detail/CVE-2019-3824

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: March 12, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.