6.5

CVE-2018-14629

Exploit
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 4.0.0 < 4.7.12
SambaSamba Version >= 4.8.0 < 4.8.7
SambaSamba Version >= 4.8.8 < 4.9.3
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.19% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://security.gentoo.org/glsa/202003-52
http://www.securityfocus.com/bid/106022
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14629
Third Party Advisory
Exploit
Issue Tracking
https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20181127-0001/
Third Party Advisory
https://usn.ubuntu.com/3827-1/
Third Party Advisory
https://usn.ubuntu.com/3827-2/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4345
Third Party Advisory
https://www.samba.org/samba/security/CVE-2018-14629.html
Patch
Vendor Advisory