Test Kennung:	1.3.6.1.4.1.25623.1.0.108694
Kategorie:	Denial of Service
Titel:	Samba DoS Vulnerability (CVE-2019-14847)
Zusammenfassung:	Samba is prone to a denial of service vulnerability.
Beschreibung:	Summary: Samba is prone to a denial of service vulnerability. Vulnerability Insight: Since Samba 4.0.0 Samba has implemented, in the AD DC, the 'dirsync' LDAP control specified in MS-ADTS '3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID'. However, when combined with the ranged results feature specified in MS-ADTS '3.1.1.3.1.3.3 Range Retrieval of Attribute Values' a NULL pointer is can be de-referenced. This is a Denial of Service only, no further escalation of privilege is associated with this issue. Affected Software/OS: Samba 4.0.0 until Samba 4.10.9. Samba 4.11 is not affected as the issue was fixed as a result of Coverity static analysis, before the potential for denial of service became apparent. Solution: Update to version 4.9.15, 4.10.10 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14847 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/ https://www.samba.org/samba/security/CVE-2019-14847.html https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html SuSE Security Announcement: openSUSE-SU-2019:2458 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.