Denial of Service : Samba 4.x Multiple DoS Vulnerabilities (CVE-2018-14629, CVE-2018-16851)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.141732

Category: Denial of Service

Title: Samba 4.x Multiple DoS Vulnerabilities (CVE-2018-14629, CVE-2018-16851)

Summary: Samba is prone to multiple denial of service (DoS); vulnerabilities.

Description: Summary:
Samba is prone to multiple denial of service (DoS)
vulnerabilities.

Vulnerability Insight:
Samba is prone to multiple vulnerabilities:

- CVE-2018-14629: CNAME loops can cause DNS server crashes, and CNAMEs can be added by
unprivileged users.

- CVE-2018-16851: A user able to read more than 256MB of LDAP entries can crash the Samba AD DC's
LDAP server.

Affected Software/OS:
Samba version 4.x.x.

Solution:
Update to version 4.7.12, 4.8.7, 4.9.3 or later.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-14629
BugTraq ID: 106022
http://www.securityfocus.com/bid/106022
Debian Security Information: DSA-4345 (Google Search)
https://www.debian.org/security/2018/dsa-4345
https://security.gentoo.org/glsa/202003-52
https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html
https://usn.ubuntu.com/3827-1/
https://usn.ubuntu.com/3827-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-16851
BugTraq ID: 106027
http://www.securityfocus.com/bid/106027

Copyright Copyright (C) 2018 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.141732
Category:	Denial of Service
Title:	Samba 4.x Multiple DoS Vulnerabilities (CVE-2018-14629, CVE-2018-16851)
Summary:	Samba is prone to multiple denial of service (DoS); vulnerabilities.
Description:	Summary: Samba is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: Samba is prone to multiple vulnerabilities: - CVE-2018-14629: CNAME loops can cause DNS server crashes, and CNAMEs can be added by unprivileged users. - CVE-2018-16851: A user able to read more than 256MB of LDAP entries can crash the Samba AD DC's LDAP server. Affected Software/OS: Samba version 4.x.x. Solution: Update to version 4.7.12, 4.8.7, 4.9.3 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-14629 BugTraq ID: 106022 http://www.securityfocus.com/bid/106022 Debian Security Information: DSA-4345 (Google Search) https://www.debian.org/security/2018/dsa-4345 https://security.gentoo.org/glsa/202003-52 https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html https://usn.ubuntu.com/3827-1/ https://usn.ubuntu.com/3827-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-16851 BugTraq ID: 106027 http://www.securityfocus.com/bid/106027
Copyright	Copyright (C) 2018 Greenbone Networks GmbH