Korean
<< Back
VID 23293
Severity 30
Port 139
Protocol TCP
Class Samba
Detailed Description The version of Samba running on the remote host is 4.10.0rc prior to 4.10.0rc4. It is, therefore, potentially affected by a denial of service (DoS) vulnerability in the LDAP search expression parser due to improper validation. An authenticated, remote attacker can exploit this issue, via a crafted LDAP search expression, to cause the LDAP server process of the Samba Active Directory Domain Controller to stop responding.

* References:
https://bugzilla.samba.org/show_bug.cgi?id=13773
https://www.samba.org/samba/history/samba-4.9.5.html
https://download.samba.org/pub/samba/rc/samba-4.10.0rc4.WHATSNEW.txt

* Platforms Affected:
Samba Project, Samba versions 4.10.0rc before 4.10.0rc4
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Samba 4.10.0rc4 or later, available from the Samba Web site at https://www.samba.org/samba/download/
Related URL CVE-2019-3824 (CVE)
Related URL 107347 (SecurityFocus)
Related URL (ISS)