Impact: Moderate Public Date: 2019-02-25 CWE: CWE-125 Bugzilla: 1671845: CVE-2019-3824 samba: Out of bound read in ldb_wildcard_compare in Samba AD DC A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.
Find out more about CVE-2019-3824 from the MITRE CVE dictionary dictionary and NIST NVD.
The versions of samba packages shipped with Red Hat Enterprise Linux 5, 6, and 7 do not support Active Directory Domain Controller mode, therefore are not affected by this flaw.
This issue did not affect the version of samba as shipped with 'Red Hat Gluster Storage 3' as they did not include support for Active Directory Domain Controller.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 6.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | High |
| Platform | Package | State |
|---|---|---|
| Red Hat Gluster Storage 3 | samba | Not affected |
| Red Hat Enterprise Linux 7 | libldb | Not affected |
| Red Hat Enterprise Linux 6 | libldb | Not affected |
| Red Hat Enterprise Linux 5 | libldb | Not affected |
Vulmon