ID de Prueba:	1.3.6.1.4.1.25623.1.0.108694
Categoría:	Denial of Service
Título:	Samba DoS Vulnerability (CVE-2019-14847)
Resumen:	Samba is prone to a denial of service vulnerability.
Descripción:	Summary: Samba is prone to a denial of service vulnerability. Vulnerability Insight: Since Samba 4.0.0 Samba has implemented, in the AD DC, the 'dirsync' LDAP control specified in MS-ADTS '3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID'. However, when combined with the ranged results feature specified in MS-ADTS '3.1.1.3.1.3.3 Range Retrieval of Attribute Values' a NULL pointer is can be de-referenced. This is a Denial of Service only, no further escalation of privilege is associated with this issue. Affected Software/OS: Samba 4.0.0 until Samba 4.10.9. Samba 4.11 is not affected as the issue was fixed as a result of Coverity static analysis, before the potential for denial of service became apparent. Solution: Update to version 4.9.15, 4.10.10 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14847 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/ https://www.samba.org/samba/security/CVE-2019-14847.html https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html SuSE Security Announcement: openSUSE-SU-2019:2458 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.