CVE-2018-14629

Name
CVE-2018-14629
Description
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| Patch | https://www.samba.org/samba/security/CVE-2018-14629.html |
| Exploit | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14629 |
| Third Party Advisory | https://www.debian.org/security/2018/dsa-4345 |
| Third Party Advisory | https://usn.ubuntu.com/3827-2/ |
| Third Party Advisory | https://usn.ubuntu.com/3827-1/ |
| Third Party Advisory | https://security.netapp.com/advisory/ntap-20181127-0001/ |
| Third Party Advisory | http://www.securityfocus.com/bid/106022 |
| Mailing List | https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html |
| GENTOO | https://security.gentoo.org/glsa/202003-52 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | samba | >= 4.8.8 | < 4.9.3 |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | samba | >= 4.0.0 | < 4.7.12 |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | samba | >= 4.8.0 | < 4.8.7 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status