CVE-2019-12436: Null Pointer Dereference
First published: Wed Jun 19 2019(Updated: )
Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/samba | <2:4.10.0+dfsg-0ubuntu2.2 | 2:4.10.0+dfsg-0ubuntu2.2 |
| ubuntu/samba | <4.9.10 | 4.9.10 |
| debian/samba | 2:4.13.13+dfsg-1~deb11u6 2:4.17.12+dfsg-0+deb12u1 2:4.21.0~rc1+really4.20.4+dfsg-1 2:4.21.0+dfsg-1 | |
| Samba | >=4.10.0<4.10.5 | |
| Ubuntu Linux | =19.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/108823
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/
- https://usn.ubuntu.com/4018-1/
- https://www.samba.org/samba/security/CVE-2019-12436.html
- https://www.synology.com/security/advisory/Synology_SA_19_27
- https://launchpad.net/bugs/cve/CVE-2019-12436
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/
- https://security-tracker.debian.org/tracker/CVE-2019-12436
- https://ubuntu.com/security/notices/USN-4018-1
- https://www.cve.org/CVERecord?id=CVE-2019-12436
- https://nvd.nist.gov/vuln/detail/CVE-2019-12436
- https://ubuntu.com/security/CVE-2019-12436
Frequently Asked Questions
What is the severity of CVE-2019-12436?
CVE-2019-12436 is classified as a medium severity vulnerability due to its potential to cause a Denial of Service in affected Samba versions.
How do I fix CVE-2019-12436?
To fix CVE-2019-12436, upgrade Samba to version 4.10.5 or later on your system.
Which versions of Samba are affected by CVE-2019-12436?
Samba versions 4.10.0 to 4.10.4 are affected by CVE-2019-12436.
Can CVE-2019-12436 be exploited remotely?
CVE-2019-12436 can be exploited remotely by an attacker who has directory read access.
What type of attack does CVE-2019-12436 facilitate?
CVE-2019-12436 facilitates a Denial of Service attack on an Active Directory LDAP server.
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/type
- agent/severity
- agent/description
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/ubuntu
- package-manager/debian
- vendor/samba
- canonical/samba
- version/samba/4.10.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/19.04