#VU16158 NULL pointer dereference in Samba - CVE-2018-16852

 


Published: November 28, 2018


Vulnerability identifier: #VU16158
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-16852
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Samba
Software vendor: Samba

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause a denial of service (DoS) condition.

The vulnerability exists due to an error in the internal DNS server or the Samba DLZ plugin for BIND9 during the processing of a DNS zone in the DNS management DCE/RPC server if the DSPROPERTY_ZONE_MASTER_SERVERS property or the DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set. A remote attacker can trigger a NULL pointer dereference and cause the service to crash.


Remediation

Update to version 4.9.3.

External links