SB2019121031 - Multiple vulnerabilities in Samba

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improperly implemented security feature (CVE-ID: CVE-2019-14870)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of the DelegationNotAllowed Kerberos feature restriction ("delegation_not_allowed" user attribute) that is not applied when processing protocol transmission requests (S4U2Self) in the AD DC KDC. A remote authenticated user can gain access to sensitive information and functionality within the AD domain.

2) Use of out-of-range pointer offset (CVE-ID: CVE-2019-14861)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing DNS records in ldb_qsort() and dns_name_compare() function within the dnsserver RPC pipe. A remote authenticated user can register a zone with an existing name but in different register and force Samba to read memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() calls. This will trigger Samba to follow invalid memory as a pointer and lead to DoS of the DNS management server.

Remediation

Install update from vendor's website.

References

• https://www.samba.org/samba/security/CVE-2019-14870.html
• https://www.samba.org/samba/security/CVE-2019-14861.html