VID 23292
Severity 30
Port 139
Protocol TCP
Class Samba
Detailed Description The version of Samba running on the remote host is 4.7.x, 4.8.x, 4.9.x prior to 4.9.5, or a 4.10.0 release candidate prior to 4.10.0rc4. It is, therefore, potentially affected by a denial of service (DoS) vulnerability in the LDAP search expression parser caused by improper validation of the search expression. An authenticated remote attacker with read access to the directory can exploit this issue, via a crafted LDAP search expression, to crash the shared LDAP server process of the Samba Active Directory Domain Controller, denying service to every LDAP client of that DC. Only Samba hosts running in the Active Directory Domain Controller role expose the affected LDAP server; member servers and standalone file servers built from the same Samba version do not run it, so a version-based match on such hosts should be confirmed against the host's role.

* References:
https://bugzilla.samba.org/show_bug.cgi?id=13773
https://www.samba.org/samba/history/samba-4.9.5.html
https://download.samba.org/pub/samba/rc/samba-4.10.0rc4.WHATSNEW.txt

* Platforms Affected:
Samba Project, Samba versions 4.7.x, 4.8.x, 4.9.x before 4.9.5, 4.10.0rc before 4.10.0rc4
Linux Any version
Unix Any version
Recommendation Upgrade to Samba 4.9.5 or later (for the 4.10 release candidate series, 4.10.0rc4 or later), available from the Samba Web site at https://www.samba.org/samba/download/ . Distribution packages may backport the fix without changing the upstream version number; on such systems check the package changelog or vendor advisory rather than relying on the version string alone.
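The version ranges above do not sort cleanly (4.10.0rc1 is numerically later than 4.9.5 yet still vulnerable), so a plain "is it older than 4.9.5" comparison misclassifies the release candidates. The following added example, written for this entry and not part of the Samba project or of the original page, classifies a version string as printed by `smbd --version` against exactly the ranges listed here; the function names and the sample version strings are this example's own assumptions.

```python
"""Version check for the Samba LDAP search-expression DoS (CVE-2019-3824).

Added example for this entry; not Samba project code. The ranges encoded
below are the ones stated in the entry: 4.7.x, 4.8.x, 4.9.x < 4.9.5 and
4.10.0rc1..rc3 are affected; 4.9.5+, 4.10.0rc4+ and later releases are not.
"""
import re

# Matches the version number inside strings such as "Version 4.9.4",
# "Version 4.10.0rc3" or "Version 4.7.6-Ubuntu" (smbd --version output).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?")


def parse_samba_version(text):
    """Return (major, minor, patch, rc) from a Samba version string.

    rc is None for a final release, otherwise the release-candidate number.
    Raises ValueError when the text carries no version number.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no Samba version found in %r" % (text,))
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch), (int(rc) if rc is not None else None)


def is_affected(version_text):
    """Classify a Samba version against the ranges in this entry.

    True  -> 4.7.x, 4.8.x, 4.9.x before 4.9.5, or 4.10.0rc1..rc3
    False -> 4.9.5 or later, 4.10.0rc4 or later, any final 4.10.x or newer
    None  -> outside the ranges this entry covers (pre-4.7 or non-4.x)
    """
    major, minor, patch, rc = parse_samba_version(version_text)
    if major != 4 or minor < 7:
        return None
    if minor in (7, 8):
        # The entry lists every 4.7.x and 4.8.x release as affected.
        return True
    if minor == 9:
        return patch < 5
    # 4.10.0 release candidates before rc4 are affected; rc4 and every
    # final 4.10.x release carry the fix. Anything newer is fixed as well.
    if minor == 10 and patch == 0 and rc is not None:
        return rc < 4
    return False


def triage(version_lines):
    """Map constructed `smbd --version` lines to a verdict per line."""
    verdicts = {}
    for line in version_lines:
        try:
            affected = is_affected(line)
        except ValueError:
            affected = "unparsed"
        verdicts[line] = affected
    return verdicts


if __name__ == "__main__":
    # Constructed sample output lines; not captured from real hosts.
    samples = [
        "Version 4.9.4",
        "Version 4.9.5",
        "Version 4.10.0rc3",
        "Version 4.10.0rc4",
        "Version 4.7.6-Ubuntu",
        "Version 4.6.16",
    ]
    for line, verdict in triage(samples).items():
        print("%-22s -> %s" % (line, verdict))
```

A verdict of True from this check is a version match only; confirm that the host runs the AD DC role and check for distribution backports before reporting it as exploitable.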
Related URL CVE-2019-3824 (CVE)
Related URL 107347 (SecurityFocus)