CVE-2018-16852
Slackware Security Advisory - samba Updates
Severity Score
Exploit Likelihood
Affected Versions
1Public Exploits
0Exploited in Wild
-Decision
Descriptions
Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.
Samba, desde la versión 4.9.0 antes de la versión 4.9.3, es vulnerable a una desreferencia de puntero NULL. Durante el procesamiento de una zona DNS en el servidor DCE/RPC de gestión DNS, el servidor DNS interno del plugin Samba DLZ para BIND9, si las propiedades DSPROPERTY_ZONE_MASTER_SERVERS o DSPROPERTY_ZONE_SCAVENGING_SERVERS están establecidas, el servidor seguirá un puntero NULL y se terminará. No hay más vulnerabilidades asociadas a este problema, simplemente una denegación de servicio (DoS).
Multiple vulnerabilities have been found in Samba, the worst of which could lead to remote code execution. Versions less than 4.11.6 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-09-11 CVE Reserved
- 2018-11-28 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/106024 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CV... | Issue Tracking | |
| https://security.netapp.com/advisory/ntap-2018... | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202003-52 | 2019-10-09 |