CVE-2019-12435.html:

===========================================================
== Subject:     Samba AD DC Denial of Service in DNS management server (dnsserver)
==
== CVE ID#:     CVE-2019-12435
==
== Versions:    Samba 4.9 and 4.10
==
== Summary:     An authenticated user can crash the Samba AD DC's
                RPC server process via a NULL pointer de-reference.

===========================================================

===========
Description
===========

The (poorly named) dnsserver RPC pipe provides administrative
facilities to modify DNS records and zones.

An authenticated user can crash the RPC server process via a NULL
pointer de-reference.

There is no further vulnerability associated with this issue, merely a
denial of service.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    http://www.samba.org/samba/security/

Additionally, Samba 4.9.9 and 4.10.5 have been issued as security
releases to correct the defect. Samba administrators are advised to
upgrade to these releases or apply the patch as soon as possible.

==================
CVSSv3 calculation
==================

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)

==========
Workaround
==========

The dnsserver task can be stopped by setting 
 'dcerpc endpoint servers = -dnsserver'
in the smb.conf and restarting Samba. 

=======
Credits
=======

Originally reported by Coverity as CID 1418127, and triaged by Douglas
Bagnall of Catalyst and the Samba Team.

Advisory by Andrew Bartlett of Catalyst and the Samba Team.

Patches provided by Douglas Bagnall of Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================