CVE-2018-16852.html:
====================================================================
== Subject: NULL pointer de-reference in Samba AD DC DNS servers
==
== CVE ID#: CVE-2018-16852
==
== Versions: All versions of Samba from 4.9.0 onwards.
==
== Summary: A user able to create or modify dnsZone objects
== can crash the Samba AD DC's DNS management RPC server,
== DNS server or BIND9 when using Samba's DLZ plugin
===================================================================
===========
Description
===========
During the processing of an DNS zone in the DNS management DCE/RPC
server, the internal DNS server or the Samba DLZ plugin for BIND9,
if the DSPROPERTY_ZONE_MASTER_SERVERS property or
DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will
follow a NULL pointer and terminate.
There is no further vulnerability associated with this issue, merely a
denial of service.
==================
Patch Availability
==================
Patches addressing both these issues have been posted to:
http://www.samba.org/samba/security/
Additionally, Samba 4.9.3 has been issued as security releases
to correct the defect. Samba administrators are advised to
upgrade to these releases or apply the patch as soon as possible.
==================
CVSSv3 calculation
==================
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (4.9)
=========================
Workaround and mitigation
=========================
None. Only users with write access to dnsZone objects can trigger
this issue.
=======
Credits
=======
Originally reported by Fabrizio Faganello.
Patches provided by Gary Lockyer of the Samba Team and Catalyst.
===============================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
===============================================================