CVE-2019-12436 - Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of

CVE-2019-12436

Summary

Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.

References

Vulnerable Configurations

cpe:2.3:a:samba:samba:4.10.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc4:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc4:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.4:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 20-06-2019 - 09:15)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

refmap via4

bid	108823
confirm	https://www.samba.org/samba/security/CVE-2019-12436.html https://www.synology.com/security/advisory/Synology_SA_19_27
fedora	FEDORA-2019-8015e5dc40
ubuntu	USN-4018-1

Last major update

20-06-2019 - 09:15

Published

19-06-2019 - 12:15

Last modified

20-06-2019 - 09:15