ASA-2019-00119 – Samba: Out-of-bounds read em ldb_wildcard_compare()


For the English version of this alert, click here.

Allele Security Alert

ASA-2019-00119

Identificador(es)

ASA-2019-00119, CVE-2019-3824

Título

Out-of-bounds read em ldb_wildcard_compare()

Fabricante(s)

The Samba Project

Produto(s)

Samba

Versão(ões) afetada(s)

Samba 4.9 e anterior

Versão(ões) corrigida(s)

Samba 4.9.5

Prova de conceito

Desconhecido

Descrição

Um usuário com permissão de leitura no servidor LDAP pode travar o processo do servidor LDAP compartilhado do DC do Samba AD.

Usando uma expressão de pesquisa como (cn=test*multi*test*multi) um usuário autenticado pode travar o processo LDAP compartilhado do AD DC.

Note que no Samba 4.7 e posterior, o padrão é não ter um processo LDAP compartilhado, a menos que -M prefork ou -M single seja especificado na linha de comando para ‘samba’.

Technical details

Desconhecido

Créditos

Garming Sam (Catalyst)

Referência(s)

Bug 13773 – (CVE-2019-3824) CVE-2019-3824 [SECURITY] ldb: Out of bound read in ldb_wildcard_compare
https://bugzilla.samba.org/show_bug.cgi?id=13773

ldb: Out of bound read in ldb_wildcard_compare
https://attachments.samba.org/attachment.cgi?id=14819

[PATCH] ldb: Out ouf bound read in ldb_wildcard_compare
https://lists.samba.org/archive/samba-technical/2019-January/132068.html

CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare
https://github.com/samba-team/samba/commit/3674b0891afb016c83763520b87e9f190dcfe884#diff-7cb72b8290ee6817ac5657e493d06061

CVE-2019-3824 ldb: wildcard_match end of data check
https://github.com/samba-team/samba/commit/42f0f57eb819ce6b68a8c5b3b53123b83ec917e3#diff-7cb72b8290ee6817ac5657e493d06061

CVE-2019-3824 ldb: wildcard_match check tree operation
https://github.com/samba-team/samba/commit/34383981a0c40860f71a4451ff8fd752e1b67666#diff-7cb72b8290ee6817ac5657e493d06061

CVE-2019-3824 ldb: Improve code style and layout in wildcard processing
https://github.com/samba-team/samba/commit/9427806f7298d71bd7edfbdda7506ec63f15dda1#diff-7cb72b8290ee6817ac5657e493d06061

CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing
https://github.com/samba-team/samba/commit/745b99fc6b75db33cdb0a58df1a3f2a5063bc76e#diff-7cb72b8290ee6817ac5657e493d06061

Bug 1671845 (CVE-2019-3824) – CVE-2019-3824 samba: Out of bound read in ldb_wildcard_compare in Samba AD DC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3824

Samba 4.9.5 – Release Notes
https://www.samba.org/samba/history/samba-4.9.5.html

CVE-2019-3824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3824

CVE-2019-3824
https://nvd.nist.gov/vuln/detail/CVE-2019-3824

Se encontrou algum erro neste alerta ou deseja uma análise compreensiva, entre em contato.

Última modificação: 12 março 2019