SB2019121077 - Use of out-of-range pointer offset in samba (Alpine package)

Description

This security bulletin contains information about 1 vulnerability.

1) Use of out-of-range pointer offset (CVE-ID: CVE-2019-14861)

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing DNS records in ldb_qsort() and dns_name_compare() function within the dnsserver RPC pipe. A remote authenticated user can register a zone with an existing name but in different register and force Samba to read memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() calls. This will trigger Samba to follow invalid memory as a pointer and lead to DoS of the DNS management server.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=fddd8a3d858001f0e0d27c7fd9e1ffddf8ccdd2e
• https://git.alpinelinux.org/aports/commit/?id=9739986c1e03ef958ef47887b03d03d06e6559e3
• https://git.alpinelinux.org/aports/commit/?id=dd552b01b186a01114fb8d877ba15cf1895f0121