Test ID: | 1.3.6.1.4.1.25623.1.0.108694 |
Category: | Denial of Service |
Title: | Samba DoS Vulnerability (CVE-2019-14847) |
Summary: | Samba is prone to a denial of service vulnerability. |
Description: |
Summary: Samba is prone to a denial of service vulnerability.

Vulnerability Insight: Since Samba 4.0.0, Samba has implemented, in the AD DC, the 'dirsync' LDAP control specified in MS-ADTS '3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID'. However, when combined with the ranged results feature specified in MS-ADTS '3.1.1.3.1.3.3 Range Retrieval of Attribute Values', a NULL pointer can be dereferenced. This is a Denial of Service only; no further escalation of privilege is associated with this issue.

Affected Software/OS: Samba 4.0.0 until Samba 4.10.9. Samba 4.11 is not affected as the issue was fixed as a result of Coverity static analysis, before the potential for denial of service became apparent.

Solution: Update to version 4.9.15, 4.10.10 or later.

CVSS Score: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-14847
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/
https://www.samba.org/samba/security/CVE-2019-14847.html
https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
SuSE Security Announcement: openSUSE-SU-2019:2458
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |