#VU16158 NULL pointer dereference in Samba - CVE-2018-16852

Cybersecurity Help s.r.o.

Published: 2018-11-28

Vulnerability identifier: #VU16158

Vulnerability risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-16852

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The vulnerability exists due to an error in the internal DNS server or the Samba DLZ plugin for BIND9 during the processing of an DNS zone in the DNS management DCE/RPC server if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set. A remote attacker can NULL pointer dereference and cause the service to crash.

Mitigation
Update to version 4.9.3.

Vulnerable software versions

Samba: 4.9.0 - 4.9.1

External links
https://www.samba.org/samba/security/CVE-2018-16852.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Samba

Slackware Linux update for samba

Arch Linux update for samba

Multiple vulnerabilities in Samba