SB2018112820 - NULL pointer dereference in samba (Alpine package)
Published: November 28, 2018
Security Bulletin ID
SB2018112820
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2018-16851)
The vulnerability allows a remote authenticated attacker to cause DoS condition.
The vulnerability exists due to the entries are cached in a single memory object with a maximum size of 256MB during the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client. A remote attacker can trigger NULL pointer dereference in the LDAP service when this size is reached and cause the process to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=3fc4f7d95608cc32f264afea7c233f8259d802cf
- https://git.alpinelinux.org/aports/commit/?id=f7ba3ea2bf6a0f6310a8526c95d88f7986735f8c
- https://git.alpinelinux.org/aports/commit/?id=bd73fabb2c22b54983d0f10ae0d7c7b441b26001
- https://git.alpinelinux.org/aports/commit/?id=5a2238501aacaf1b6c86507ac383022e1b09450e