Use of out-of-range pointer offset in samba (Alpine package)



Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2019-14861
CWE-ID: CWE-823
Exploitation vector: Local network
Public exploit: N/A

Vulnerable software:
samba (Alpine package) - Operating systems & Components / Operating system package or component
RoboHelp - Universal components / Libraries / Software for developers

Vendor: Alpine Linux Development Team, Adobe

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use of out-of-range pointer offset

EUVDB-ID: #VU23507

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-14861

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing DNS records in the ldb_qsort() and dns_name_compare() functions within the dnsserver RPC pipe. A remote authenticated user can register a zone with an existing name but in a different letter case and force Samba to read memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() calls. Samba then follows invalid memory as a pointer, which leads to a DoS of the DNS management server.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

samba (Alpine package): 4.1.1-r0 - 4.10.10-r0

RoboHelp: 0.60.6-r0
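
As an added example (not part of the bulletin or of Alpine's tooling), this POSIX shell script checks a samba package version string against the range listed above, treating both ends as inclusive. The function names are hypothetical, and only the plain numeric `X.Y.Z-rN` form is parsed.

```shell
#!/bin/sh
# Added example: classify an Alpine samba version against the bulletin's range.
LOW="4.1.1-r0"      # first vulnerable version listed in the bulletin
HIGH="4.10.10-r0"   # last vulnerable version listed in the bulletin

# Print "major minor patch release" for X[.Y[.Z]][-rN]; fail on anything else.
ver_key() {
    v=$1; rel=0
    case "$v" in
        *-r*) rel=${v##*-r}; v=${v%-r*} ;;
    esac
    case "$v.$rel" in
        *[!0-9.]*|.*|*..*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    [ $# -le 3 ] || return 1
    echo "${1:-0} ${2:-0} ${3:-0} $rel"
}

# Succeed when version $1 <= version $2, comparing fields numerically so
# that 4.9 sorts before 4.10. Returns 2 if either version is unparsable.
ver_le() {
    a=$(ver_key "$1") || return 2
    b=$(ver_key "$2") || return 2
    set -- $a $b    # $1-$4: fields of the first version, $5-$8: the second
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        x=${pair%:*}; y=${pair#*:}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 0
}

samba_status() {
    if ver_le "$LOW" "$1" && ver_le "$1" "$HIGH"; then
        echo vulnerable
    elif ver_key "$1" >/dev/null; then
        echo not-in-range
    else
        echo unparsed
    fi
}

# Constructed sample inputs; on a host, pass the installed version instead.
for sample in 4.9.4-r2 4.10.10-r0 4.10.11-r0 4.11.0_rc1-r0; do
    echo "samba $sample: $(samba_status "$sample")"
done
```

A result of `unparsed` means the version string carries a suffix this script does not handle and needs a manual comparison.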

External links

https://git.alpinelinux.org/aports/commit/?id=fddd8a3d858001f0e0d27c7fd9e1ffddf8ccdd2e
https://git.alpinelinux.org/aports/commit/?id=9739986c1e03ef958ef47887b03d03d06e6559e3
https://git.alpinelinux.org/aports/commit/?id=dd552b01b186a01114fb8d877ba15cf1895f0121


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
