Vulnerabilities > CVE-2019-12435 - NULL Pointer Dereference vulnerability in Samba

CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
samba
CWE-476
nessus

Summary

Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-8015E5DC40.NASL
    description: Fix vfs_fruit, vfs_glusterfs and smbspool. ---- Update to Samba 4.10.5. Security fixes for CVE-2019-12435 and CVE-2019-12436. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126518
    published: 2019-07-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126518
    title: Fedora 30 : 2:samba (2019-8015e5dc40)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-8015e5dc40.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set, this block only declares
    # the plugin's metadata and then exits (exit(0) at the end of the block);
    # none of the package checks further down run in that mode.
    if (description)
    {
      script_id(126518);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/08");
    
      # One plugin covers both CVEs fixed by the same Fedora update, so a
      # finding does not say which of the two issues matters for the host.
      script_cve_id("CVE-2019-12435", "CVE-2019-12436");
      script_xref(name:"FEDORA", value:"2019-8015e5dc40");
    
      script_name(english:"Fedora 30 : 2:samba (2019-8015e5dc40)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description is the Fedora advisory text: it names the target
      # version and the CVE ids but gives no detail about the flaws themselves.
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix vfs_fruit, vfs_glusterfs and smbspool
    
    ----
    
    Update to Samba 4.10.5 Security fixes for CVE-2019-12435 and
    CVE-2019-12436
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-8015e5dc40"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 2:samba package."
      );
      # Both base vectors describe a network-reachable, low-complexity issue
      # that needs an authenticated account (Au:S / PR:L) and touches
      # availability only (C:N/I:N). The v2 vector rates that impact Partial
      # (A:P), the v3 vector High (A:H).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # "local" plugin: the keys required below are KB entries for enabled
      # local checks and a collected rpm list, so the verdict comes from the
      # host's package inventory rather than from probing the Samba service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # NOTE(review): ssh_get_info.nasl is presumably what fills the Host/* KB
      # keys required on the next line through an authenticated login - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Check phase: confirm the host is Fedora 30 with local checks and an rpm
    # list available, then compare the installed samba package against the
    # fixed build and report.
    #
    # NOTE(review): every audit() call below is assumed to end the script with
    # the named audit result; audit() comes from audit.inc, not shown here.
    #
    # Scope of the verdict: only the rpm inventory is consulted. Nothing here
    # looks at whether Samba runs as an AD DC or whether the dnsserver RPC
    # service named in the CVE summary is reachable, so a finding means
    # "security update missing", not "denial of service confirmed reachable".
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The Fedora release string is read from the Host/RedHat/release KB key.
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "is not a substring of" operator.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the numeric release that follows "release" in the release string.
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Accept release 30 only; the ([^0-9]|$) tail keeps "300" and the like
    # from matching.
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Only x86_64 and i386-i686 hosts are evaluated. Any other architecture
    # ends in a "local checks not implemented" audit, i.e. no verdict at all;
    # such hosts need to be covered some other way.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    # NOTE(review): rpm_check() (rpm.inc, not shown) presumably returns true
    # when the installed samba is older than the reference build
    # samba-4.10.5-1.fc30 with epoch 2 - confirm against rpm.inc.
    flag = 0;
    if (rpm_check(release:"FC30", reference:"samba-4.10.5-1.fc30", epoch:"2")) flag++;
    
    
    if (flag)
    {
      # Report on port 0 with severity SECURITY_WARNING; the report body is
      # whatever rpm_report_get() returns.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # No hit: a non-empty pkg_tests_get() result is audited as "package not
      # affected", an empty one as "package not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2018.NASL
    description: According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process. (CVE-2019-12435) - A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. (CVE-2019-3880) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-08
    modified: 2019-09-24
    plugin id: 129211
    published: 2019-09-24
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129211
    title: EulerOS 2.0 SP3 : samba (EulerOS-SA-2019-2018)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1921.NASL
    description: According to the version of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process. (CVE-2019-12435) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128843
    published: 2019-09-16
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128843
    title: EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2019-1921)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1902.NASL
    description: According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process. (CVE-2019-12435) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-08
    modified: 2019-09-16
    plugin id: 128825
    published: 2019-09-16
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128825
    title: EulerOS 2.0 SP5 : samba (EulerOS-SA-2019-1902)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1755.NASL
    description: This update for samba fixes the following issues: Security issues fixed: - CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815). Other issues fixed: - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183). - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). - MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implementation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698) - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). This update was imported from the SUSE:SLE-15-SP1:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126896
    published: 2019-07-22
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126896
    title: openSUSE Security Update : samba (openSUSE-2019-1755)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1832.NASL
    description: According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process. (CVE-2019-12435) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-03
    modified: 2019-08-27
    plugin id: 128201
    published: 2019-08-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128201
    title: EulerOS 2.0 SP8 : samba (EulerOS-SA-2019-1832)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4018-1.NASL
    description: It was discovered that Samba incorrectly handled certain RPC messages. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-12435) It was discovered that Samba incorrectly handled LDAP paged searches. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-12436) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126064
    published: 2019-06-20
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126064
    title: Ubuntu 19.04 : samba vulnerabilities (USN-4018-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1869.NASL
    description: According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process. (CVE-2019-12435) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-08
    modified: 2019-09-17
    plugin id: 128921
    published: 2019-09-17
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128921
    title: EulerOS 2.0 SP2 : samba (EulerOS-SA-2019-1869)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-8966706E33.NASL
    description: Update to Samba 4.9.11. ---- Update to Samba 4.9.9. Security fixes for CVE-2019-12435. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126839
    published: 2019-07-22
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126839
    title: Fedora 29 : 2:samba / libldb (2019-8966706e33)
  • NASL family: Misc.
    NASL id: SAMBA_CVE-2019-12435.NASL
    description: The version of Samba running on the remote host is 4.9.x < 4.9.9 or 4.10.0 prior to 4.10.5. It is, therefore, potentially affected by a denial of service vulnerability in the AD DC DNS management server (dnsserver) RPC server process. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126307
    published: 2019-06-27
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126307
    title: Samba 4.9.x < 4.9.9 / 4.10.0 < 4.10.5 AC DC DNS Management Server Denial of Service Vulnerability (CVE-2019-12435)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1574-1.NASL
    description: This update for samba fixes the following issues: Security issues fixed: CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815). Other issues fixed: Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). Add ceph_snapshots VFS module; (jsc#SES-183). Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). Mac OS X SMB2 implementation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698) Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126063
    published: 2019-06-20
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126063
    title: SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:1574-1)