Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-14629

Опубликовано: 20 нояб. 2018
Источник: redhat
CVSS3: 6.5
EPSS Средний

Описание

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.

A denial of service vulnerability was discovered in Samba's LDAP server. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.

Отчет

Samba 4 packages distributed with Red Hat Enterprise Linux are built without the AD DC functionality, where this flaw is present. These packages are not affected by this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5sambaNot affected
Red Hat Enterprise Linux 5samba3xNot affected
Red Hat Enterprise Linux 6sambaNot affected
Red Hat Enterprise Linux 6samba4Not affected
Red Hat Enterprise Linux 7sambaNot affected
Red Hat Enterprise Linux 8sambaNot affected
Red Hat Storage 3sambaNot affected
Red Hat Virtualization 4sambaNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1625449samba: Unprivileged adding of CNAME record causing loop in AD LDAP server

EPSS

Процентиль: 94%
0.13621
Средний

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-14629

CVSS3: 6.5
ubuntu
около 7 лет назад

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.

nvd логотип

CVE-2018-14629

CVSS3: 6.5
nvd
около 7 лет назад

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.

debian логотип

CVE-2018-14629

CVSS3: 6.5
debian
около 7 лет назад

A denial of service vulnerability was discovered in Samba's LDAP serve ...

github логотип

GHSA-4hxq-xf3v-3jxv

CVSS3: 6.5
github
больше 3 лет назад

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.

fstec логотип

BDU:2019-00874

CVSS3: 6.5
fstec
больше 7 лет назад

Уязвимость LDAP-сервера пакета программ сетевого взаимодействия Samba, связанная с ошибкой при обработке запросов, содержащих зацикленные записи CNAME, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 94%
0.13621
Средний

6.5 Medium

CVSS3