4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.017 Low
EPSS
Percentile
87.9%
The (poorly named) dnsserver RPC pipe provides administrative
facilities to modify DNS records and zones.
An authenticated user can crash the RPC server process via a NULL
pointer de-reference.
There is no further vulnerability associated with this issue, merely a
denial of service.
Patches addressing both these issues have been posted to:
http://www.samba.org/samba/security/
Additionally, Samba 4.9.9 and 4.10.5 have been issued as security
releases to correct the defect. Samba administrators are advised to
upgrade to these releases or apply the patch as soon as possible.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
The dnsserver task can be stopped by setting
‘dcerpc endpoint servers = -dnsserver’
in the smb.conf and restarting Samba.
Originally reported by Coverity as CID 1418127, and triaged by Douglas
Bagnall of Catalyst and the Samba Team.
Advisory by Andrew Bartlett of Catalyst and the Samba Team.
Patches provided by Douglas Bagnall of Catalyst and the Samba Team.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.017 Low
EPSS
Percentile
87.9%