Vulnerabilities > CVE-2019-12435 - NULL Pointer Dereference vulnerability in Samba
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 24 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2019-8015E5DC40.NASL description Fix vfs_fruit, vfs_glusterfs and smbspool ---- Update to Samba 4.10.5 Security fixes for CVE-2019-12435 and CVE-2019-12436 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126518 published 2019-07-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126518 title Fedora 30 : 2:samba (2019-8015e5dc40) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-8015e5dc40. # include("compat.inc"); if (description) { script_id(126518); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2019-12435", "CVE-2019-12436"); script_xref(name:"FEDORA", value:"2019-8015e5dc40"); script_name(english:"Fedora 30 : 2:samba (2019-8015e5dc40)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix vfs_fruit, vfs_glusterfs and smbspool ---- Update to Samba 4.10.5 Security fixes for CVE-2019-12435 and CVE-2019-12436 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-8015e5dc40" ); script_set_attribute( attribute:"solution", value:"Update the affected 2:samba package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"samba-4.10.5-1.fc30", epoch:"2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2018.NASL description According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.(CVE-2019-12435) - A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share.(CVE-2019-3880) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-24 plugin id 129211 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129211 title EulerOS 2.0 SP3 : samba (EulerOS-SA-2019-2018) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1921.NASL description According to the version of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.(CVE-2019-12435) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128843 published 2019-09-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128843 title EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2019-1921) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1902.NASL description According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.(CVE-2019-12435) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-16 plugin id 128825 published 2019-09-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128825 title EulerOS 2.0 SP5 : samba (EulerOS-SA-2019-1902) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1755.NASL description This update for samba fixes the following issues : Security issues fixed : - CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815). Other issues fixed : - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183). - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). - MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698) - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). This update was imported from the SUSE:SLE-15-SP1:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 126896 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126896 title openSUSE Security Update : samba (openSUSE-2019-1755) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1832.NASL description According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.(CVE-2019-12435) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-08-27 plugin id 128201 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128201 title EulerOS 2.0 SP8 : samba (EulerOS-SA-2019-1832) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4018-1.NASL description It was discovered that Samba incorrectly handled certain RPC messages. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-12435) It was discovered that Samba incorrectly handled LDAP pages searches. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-12436). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126064 published 2019-06-20 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126064 title Ubuntu 19.04 : samba vulnerabilities (USN-4018-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1869.NASL description According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.(CVE-2019-12435) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-17 plugin id 128921 published 2019-09-17 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128921 title EulerOS 2.0 SP2 : samba (EulerOS-SA-2019-1869) NASL family Fedora Local Security Checks NASL id FEDORA_2019-8966706E33.NASL description Update to Samba 4.9.11 ---- Update to Samba 4.9.9 Security fixes for CVE-2019-12435 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126839 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126839 title Fedora 29 : 2:samba / libldb (2019-8966706e33) NASL family Misc. NASL id SAMBA_CVE-2019-12435.NASL description The version of Samba running on the remote host is 4.9.x < 4.9.9 or 4.10.0 prior to 4.10.5. It is, therefore, potentially affected by a denial of service vulnerability in the AD DC DNS management server (dnsserver) RPC server process. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 126307 published 2019-06-27 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126307 title Samba 4.9.x < 4.9.9 / 4.10.0 < 4.10.5 AC DC DNS Management Server Denial of Service Vulnerability (CVE-2019-12435) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1574-1.NASL description This update for samba fixes the following issues : Security issues fixed : CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815). Other issues fixed: Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). Add ceph_snapshots VFS module; (jsc#SES-183). Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698) Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126063 published 2019-06-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126063 title SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:1574-1)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00023.html
- http://www.securityfocus.com/bid/108825
- http://www.securityfocus.com/bid/108825
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSG3TLPZP35RH5DWAIDC7MHXRK5DFKOE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSG3TLPZP35RH5DWAIDC7MHXRK5DFKOE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/
- https://usn.ubuntu.com/4018-1/
- https://usn.ubuntu.com/4018-1/
- https://www.samba.org/samba/security/CVE-2019-12435.html
- https://www.samba.org/samba/security/CVE-2019-12435.html
- https://www.synology.com/security/advisory/Synology_SA_19_27
- https://www.synology.com/security/advisory/Synology_SA_19_27