Описание
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
A flaw was found in samba. An off-by-default feature to tombstone dynamically created DNS records once they have reached their expiry time contains a use-after-free flaw that allows read memory to be saved back into the database. The highest threat from this vulnerability is to system availability.
Отчет
This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux because there is no support for samba as Active Directory Domain Controller.
Меры по смягчению последствий
The code in question is not run in the default configuration, so the workaround is simply to not set dns zone scavenging = yes
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | samba | Not affected | ||
| Red Hat Enterprise Linux 6 | samba | Not affected | ||
| Red Hat Enterprise Linux 6 | samba4 | Not affected | ||
| Red Hat Enterprise Linux 7 | samba | Not affected | ||
| Red Hat Enterprise Linux 8 | samba | Not affected | ||
| Red Hat Storage 3 | samba | Not affected | ||
| Red Hat Virtualization 4 | samba | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
There is a use-after-free issue in all samba 4.9.x versions before 4.9 ...
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
Уязвимость вызова realloc() пакета программ сетевого взаимодействия Samba, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS3