Published: 28/11/2018 Updated: 09/10/2019

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.7

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
samba samba

A null pointer dereference flaw was found in the Samba DNS Management server when used as an Active Directory Domain Controller A remote attacker could use this flaw to cause a denial of service (application crash) ...

A NULL pointer de-reference issue has been found in samba from 490 up to and including 492, where a user able to create or modify dnsZone objects can crash the Samba AD DC's DNS management RPC server, DNS server or BIND9 when using Samba's DLZ plugin ...

CWE-476 https://www.samba.org/samba/security/CVE-2018-16852.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852 https://security.netapp.com/advisory/ntap-20181127-0001/http://www.securityfocus.com/bid/106024 https://security.gentoo.org/glsa/202003-52 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2018-16852

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-16852

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect