samba: CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)

Related Vulnerabilities: CVE-2019-12435  

Debian Bug report logs - #930748

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 19 Jun 2019 19:51:01 UTC

Severity: important

Tags: security, upstream

Found in version samba/2:4.9.5+dfsg-4

Fixed in version 2:4.9.5+dfsg-5

Done: Mathieu Parent <math.parent@gmail.com>



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#930748; Package src:samba. (Wed, 19 Jun 2019 19:51:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Wed, 19 Jun 2019 19:51:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: samba: CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
Date: Wed, 19 Jun 2019 21:47:18 +0200
Source: samba
Version: 2:4.9.5+dfsg-4
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for samba.

CVE-2019-12435[0]:
| Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer
| dereference, leading to Denial of Service. This is related to the AD
| DC DNS management server (dnsserver) RPC server process.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12435
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435
[1] https://www.samba.org/samba/security/CVE-2019-12435.html

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#930748; Package src:samba. (Wed, 19 Jun 2019 20:15:03 GMT).


Acknowledgement sent to Mathieu Parent <math.parent@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Wed, 19 Jun 2019 20:15:03 GMT).


Message #10 received at 930748@bugs.debian.org:

From: Mathieu Parent <math.parent@gmail.com>
To: Salvatore Bonaccorso <carnil@debian.org>, 930748@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: [Pkg-samba-maint] Bug#930748: samba: CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
Date: Wed, 19 Jun 2019 22:12:15 +0200
On Wed, 19 Jun 2019 at 21:51, Salvatore Bonaccorso <carnil@debian.org> wrote:
>
> Source: samba
> Version: 2:4.9.5+dfsg-4
> Severity: important
> Tags: security upstream
>
> Hi,

Hi,

> The following vulnerability was published for samba.
>
> CVE-2019-12435[0]:
> | Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer
> | dereference, leading to Denial of Service. This is related to the AD
> | DC DNS management server (dnsserver) RPC server process.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2019-12435
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435
> [1] https://www.samba.org/samba/security/CVE-2019-12435.html

I've just created a pre-approval unblock request to choose between
uploading 4.9.9 (including stability fixes) or 4.9.5+patch.


Regards

-- 
Mathieu Parent



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#930748; Package src:samba. (Wed, 19 Jun 2019 20:45:02 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Wed, 19 Jun 2019 20:45:03 GMT).


Message #15 received at 930748@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Mathieu Parent <math.parent@gmail.com>
Cc: 930748@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#930748: samba: CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
Date: Wed, 19 Jun 2019 22:41:48 +0200
Hey,

On Wed, Jun 19, 2019 at 10:12:15PM +0200, Mathieu Parent wrote:
> > The following vulnerability was published for samba.
> >
> > CVE-2019-12435[0]:
> > | Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer
> > | dereference, leading to Denial of Service. This is related to the AD
> > | DC DNS management server (dnsserver) RPC server process.
> >
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2019-12435
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435
> > [1] https://www.samba.org/samba/security/CVE-2019-12435.html
> 
> I've just created a pre-approval unblock request to choose between
> uploading 4.9.9 (including stability fixes) or 4.9.5+patch.

Ack! Thank you Mathieu.

Regards,
Salvatore



Reply sent to Mathieu Parent <math.parent@gmail.com>:
You have taken responsibility. (Thu, 20 Jun 2019 07:48:04 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 20 Jun 2019 07:48:04 GMT).


Message #20 received at 930748-done@bugs.debian.org:

From: Mathieu Parent <math.parent@gmail.com>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 930748-done@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#930748: samba: CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
Date: Thu, 20 Jun 2019 09:44:59 +0200
Version: 2:4.9.5+dfsg-5

On Wed, 19 Jun 2019 at 22:41, Salvatore Bonaccorso <carnil@debian.org> wrote:
>
> Hey,
>
> On Wed, Jun 19, 2019 at 10:12:15PM +0200, Mathieu Parent wrote:
> > > The following vulnerability was published for samba.
> > >
> > > CVE-2019-12435[0]:
> > > | Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer
> > > | dereference, leading to Denial of Service. This is related to the AD
> > > | DC DNS management server (dnsserver) RPC server process.
> > >
> > >
> > > If you fix the vulnerability please also make sure to include the
> > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > >
> > > For further information see:
> > >
> > > [0] https://security-tracker.debian.org/tracker/CVE-2019-12435
> > >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435
> > > [1] https://www.samba.org/samba/security/CVE-2019-12435.html
> >
> > I've just created a pre-approval unblock request to choose between
> > uploading 4.9.9 (including stability fixes) or 4.9.5+patch.
>
> Ack! Thank you Mathieu.

I've uploaded 2:4.9.5+dfsg-5 with only targeted fixes.

But I forgot to add the Closes:. Closing now.

Regards
-- 
Mathieu Parent




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Jun 20 12:56:33 2019; Machine Name: beach
