====================================================================
== Subject:     Denial of Service Attack on AD DC DRSUAPI server
==
== CVE ID#:     CVE-2018-10918
==
== Versions:    All versions of Samba from 4.7.0 onwards.
==
== Summary:     Missing null pointer checks may crash the Samba AD
==              DC, over the authenticated DRSUAPI RPC service.
==
====================================================================

===========
Description
===========

All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the "samba" process when Samba is an
Active Directory Domain Controller.

The DsCrackNames call in the DRSUAPI server does not check the
directory attributes returned from the LDB database layer, so it
crashes when it follows a NULL pointer.

This call is only available after authentication.

There is no further vulnerability associated with this error, merely a
denial of service.
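
The bug class described above, shown as an added example that is not
Samba's code: an attribute lookup that returns NULL for a missing value,
used first without a check and then with one. All type, function and
attribute names here (struct record, find_attr, crack_name_*) are
hypothetical stand-ins, and the sample records are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for a directory record; not Samba's ldb types. */
struct attr { const char *name; const char *value; };
struct record { const struct attr *attrs; size_t n; };
enum { CRACK_OK, CRACK_BAD_ARG, CRACK_MISSING_ATTR, CRACK_TRUNCATED };

/* Constructed sample data: one complete record, one lacking "account". */
const struct attr full_attrs[] = { {"domain", "EXAMPLE"}, {"account", "alice"} };
const struct attr part_attrs[] = { {"domain", "EXAMPLE"} };
const struct record full_rec = { full_attrs, 2 };
const struct record part_rec = { part_attrs, 1 };
char demo_buf[32];

/* Returns the attribute value, or NULL when the record lacks it. */
static const char *find_attr(const struct record *r, const char *name)
{
    for (size_t i = 0; i < r->n; i++)
        if (strcmp(r->attrs[i].name, name) == 0)
            return r->attrs[i].value;
    return NULL;
}

/* Unchecked: strlen() follows a NULL pointer when an attribute is absent. */
int crack_name_unchecked(const struct record *r, char *out, size_t len)
{
    const char *dom = find_attr(r, "domain");
    const char *acct = find_attr(r, "account");
    if (strlen(dom) + strlen(acct) + 2 > len)
        return CRACK_TRUNCATED;
    snprintf(out, len, "%s\\%s", dom, acct);
    return CRACK_OK;
}

/* Checked: each lookup result is validated before it is dereferenced. */
int crack_name_checked(const struct record *r, char *out, size_t len)
{
    if (r == NULL || out == NULL || len == 0)
        return CRACK_BAD_ARG;
    const char *dom = find_attr(r, "domain");
    const char *acct = find_attr(r, "account");
    if (dom == NULL || acct == NULL)
        return CRACK_MISSING_ATTR;  /* error to the caller, no crash */
    if (strlen(dom) + strlen(acct) + 2 > len)
        return CRACK_TRUNCATED;
    snprintf(out, len, "%s\\%s", dom, acct);
    return CRACK_OK;
}
```

Passing part_rec to crack_name_unchecked() terminates the process, which
in a long-running server is the denial of service; the checked form
returns CRACK_MISSING_ATTR for the same record.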

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.8.4 and Samba 4.7.9 have been issued as
security releases to correct the defect.  Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==========
Workaround
==========

No workaround is possible while acting as a Samba AD DC.

=======
Credits
=======

The issue was reported by Volker Mauel.  Andrew Bartlett of Catalyst
and the Samba Team provided the test and patches.