Allele Security Alert
ASA-2019-00119
Identifier(s)
ASA-2019-00119, CVE-2019-3824
Title
Out-of-bounds read in ldb_wildcard_compare()
Vendor(s)
The Samba Project
Product(s)
Samba
Affected version(s)
Samba 4.9 and earlier
Fixed version(s)
Samba 4.9.5
Proof of concept
Unknown
Description
A user with read permission on the LDAP server can crash the shared LDAP server process of the Samba AD DC.
By using a search expression like (cn=test*multi*test*multi) an authenticated user can crash the shared LDAP process of the AD DC.
Note that in Samba 4.7 and later, the default is not to have a shared LDAP process, unless -M prefork or -M single is specified on the command line to ‘samba’.
Technical details
Unknown
Credits
Garming Sam (Catalyst)
Reference(s)
Bug 13773 – (CVE-2019-3824) CVE-2019-3824 [SECURITY] ldb: Out of bound read in ldb_wildcard_compare
https://bugzilla.samba.org/show_bug.cgi?id=13773
ldb: Out of bound read in ldb_wildcard_compare
https://attachments.samba.org/attachment.cgi?id=14819
[PATCH] ldb: Out ouf bound read in ldb_wildcard_compare
https://lists.samba.org/archive/samba-technical/2019-January/132068.html
CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare
https://github.com/samba-team/samba/commit/3674b0891afb016c83763520b87e9f190dcfe884#diff-7cb72b8290ee6817ac5657e493d06061
CVE-2019-3824 ldb: wildcard_match end of data check
https://github.com/samba-team/samba/commit/42f0f57eb819ce6b68a8c5b3b53123b83ec917e3#diff-7cb72b8290ee6817ac5657e493d06061
CVE-2019-3824 ldb: wildcard_match check tree operation
https://github.com/samba-team/samba/commit/34383981a0c40860f71a4451ff8fd752e1b67666#diff-7cb72b8290ee6817ac5657e493d06061
CVE-2019-3824 ldb: Improve code style and layout in wildcard processing
https://github.com/samba-team/samba/commit/9427806f7298d71bd7edfbdda7506ec63f15dda1#diff-7cb72b8290ee6817ac5657e493d06061
CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing
https://github.com/samba-team/samba/commit/745b99fc6b75db33cdb0a58df1a3f2a5063bc76e#diff-7cb72b8290ee6817ac5657e493d06061
Bug 1671845 (CVE-2019-3824) – CVE-2019-3824 samba: Out of bound read in ldb_wildcard_compare in Samba AD DC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3824
Samba 4.9.5 – Release Notes
https://www.samba.org/samba/history/samba-4.9.5.html
CVE-2019-3824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3824
CVE-2019-3824
https://nvd.nist.gov/vuln/detail/CVE-2019-3824
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: March 12, 2019