Main Vulnerability Database Vulnerabilities #VU16158

NULL pointer dereference in Samba - CVE-2018-16852

Published: November 28, 2018

Vulnerability identifier: #VU16158

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-16852

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Samba

Affected software:
Samba

Detailed vulnerability description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The vulnerability exists due to an error in the internal DNS server or the Samba DLZ plugin for BIND9 during the processing of an DNS zone in the DNS management DCE/RPC server if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set. A remote attacker can NULL pointer dereference and cause the service to crash.

How to mitigate CVE-2018-16852

Update to version 4.9.3.

Sources

https://www.samba.org/samba/security/CVE-2018-16852.html

NULL pointer dereference in Samba - CVE-2018-16852

Detailed vulnerability description

How to mitigate CVE-2018-16852

Sources

Please verify you're human