Allele Security Alert
ASA-2019-00622
Identifier(s)
ASA-2019-00622, CVE-2019-14847
Title
User with “get changes” permission can crash AD DC LDAP server via dirsync
Vendor(s)
The Samba Project
Product(s)
Samba
Affected version(s)
Samba versions before 4.9.15
Samba versions before 4.10.10
Fixed version(s)
Samba version 4.9.15
Samba version 4.10.10
Proof of concept
Unknown
Description
Since Samba 4.0.0 Samba has implemented, in the AD DC, the “dirsync” LDAP control specified in MS-ADTS “3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID”.
However, when combined with the ranged results feature specified in MS-ADTS “3.1.1.3.1.3.3 Range Retrieval of Attribute Values” a NULL pointer is can be de-referenced.
Technical details
Unknown
Credits
Adam Xu
Reference(s)
Samba – Security Updates and Information
https://www.samba.org/samba/history/security.html
User with “get changes” permission can crash AD DC LDAP server via dirsync
https://www.samba.org/samba/security/CVE-2019-14847.html
CVE-2019-14847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14847
CVE-2019-14847
https://nvd.nist.gov/vuln/detail/CVE-2019-14847
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: November 5, 2019