Vulnerability Details CVE-2019-12435
Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.067
EPSS Ranking 90.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00023.html
- http://www.securityfocus.com/bid/108825
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSG3TLPZP35RH5DWAIDC7MHXRK5DFKOE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/
- https://usn.ubuntu.com/4018-1/
- https://www.samba.org/samba/security/CVE-2019-12435.html
- https://www.synology.com/security/advisory/Synology_SA_19_27
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00023.html
- http://www.securityfocus.com/bid/108825
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSG3TLPZP35RH5DWAIDC7MHXRK5DFKOE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/
- https://usn.ubuntu.com/4018-1/
- https://www.samba.org/samba/security/CVE-2019-12435.html
- https://www.synology.com/security/advisory/Synology_SA_19_27
Products affected by CVE-2019-12435
-
cpe:2.3:a:samba:samba:4.10.0
-
cpe:2.3:a:samba:samba:4.10.1
-
cpe:2.3:a:samba:samba:4.10.2
-
cpe:2.3:a:samba:samba:4.10.3
-
cpe:2.3:a:samba:samba:4.10.4
-
cpe:2.3:a:samba:samba:4.9.0
-
cpe:2.3:a:samba:samba:4.9.1
-
cpe:2.3:a:samba:samba:4.9.2
-
cpe:2.3:a:samba:samba:4.9.3
-
cpe:2.3:a:samba:samba:4.9.4
-
cpe:2.3:a:samba:samba:4.9.5
-
cpe:2.3:a:samba:samba:4.9.6
-
cpe:2.3:a:samba:samba:4.9.7
-
cpe:2.3:a:samba:samba:4.9.8