Use of out-of-range pointer offset in samba (Alpine package)



Published: 2019-12-10
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2019-14861
CWE-ID: CWE-823
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
samba (Alpine package)
Operating systems & Components / Operating system package or component

Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Use of out-of-range pointer offset

EUVDB-ID: #VU23507

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14861

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing DNS records in the ldb_qsort() and dns_name_compare() functions within the dnsserver RPC pipe. A remote authenticated user can register a zone with an existing name but in a different letter case and force Samba to read memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() calls. Samba then follows invalid memory as a pointer, which leads to DoS of the DNS management server.
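
Added example (not Samba's code and not part of the original bulletin): a simplified model of the failure class described above, assuming the comparator forces a name that case-insensitively matches the enumerated name to sort first. The names ci_cmp, pin_first_cmp, pin_first_cmp_fixed and count_order_violations are hypothetical; the check shows how a unit test catches a comparator that gives contradictory answers for two names differing only in case, before a sort routine relies on it.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* ASCII case-insensitive string compare. */
static int ci_cmp(const char *a, const char *b)
{
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return tolower((unsigned char)*a) - tolower((unsigned char)*b);
}

/* Simplified model (assumption, not Samba's code): a name matching `search` sorts first. */
static int pin_first_cmp(const char *a, const char *b, const char *search)
{
    if (ci_cmp(a, search) == 0) return -1;   /* never asks whether b matches too */
    if (ci_cmp(b, search) == 0) return 1;
    return ci_cmp(a, b);
}

/* Hardened form: settle the "both match" case before pinning either side. */
static int pin_first_cmp_fixed(const char *a, const char *b, const char *search)
{
    int am = ci_cmp(a, search) == 0, bm = ci_cmp(b, search) == 0;
    if (am && bm) return strcmp(a, b);       /* deterministic tie-break */
    if (am != bm) return am ? -1 : 1;
    return ci_cmp(a, b);
}

typedef int (*name_cmp)(const char *, const char *, const char *);
static int sign(int v) { return (v > 0) - (v < 0); }
/* Count pairs (self-pairs included) where sign(cmp(a,b)) != -sign(cmp(b,a)). */
static int count_order_violations(name_cmp cmp, const char **names, size_t n, const char *search)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i; j < n; j++)
            if (sign(cmp(names[i], names[j], search)) != -sign(cmp(names[j], names[i], search)))
                bad++;
    return bad;
}

/* Constructed sample: two names that differ only in letter case, plus two others. */
static const char *SAMPLE[] = { "example.com", "EXAMPLE.COM", "www", "mail" };
int main(void)
{
    printf("model: %d, hardened: %d\n", count_order_violations(pin_first_cmp, SAMPLE, 4, "example.com"),
           count_order_violations(pin_first_cmp_fixed, SAMPLE, 4, "example.com"));
    return 0;
}
```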

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

samba (Alpine package): 4.1.1-r0 - 4.10.10-r0

External links

http://git.alpinelinux.org/aports/commit/?id=fddd8a3d858001f0e0d27c7fd9e1ffddf8ccdd2e
http://git.alpinelinux.org/aports/commit/?id=9739986c1e03ef958ef47887b03d03d06e6559e3
http://git.alpinelinux.org/aports/commit/?id=dd552b01b186a01114fb8d877ba15cf1895f0121


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


