This security bulletin contains one medium risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the way samba kerberos server handles missing sname attribute in TGS-REQ (Ticket Granting Server - Request). A remote authenticated user can send a specially crafted request to the samba server and perform a denial of service (DoS) attack.Mitigation
Install updates from vendor's website.Vulnerable software versions
Samba: 4.14.0 - 4.14.7, 4.13.0 - 4.13.11
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?