CVE-2018-14629

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/106022	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14629	Exploit Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20181127-0001/	Third Party Advisory
https://usn.ubuntu.com/3827-1/	Third Party Advisory
https://usn.ubuntu.com/3827-2/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4345	Third Party Advisory
https://www.samba.org/samba/security/CVE-2018-14629.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

History

No history.

Information

Published : 2018-11-28 14:29

Updated : 2024-02-04 20:03

NVD link : CVE-2018-14629

Mitre link : CVE-2018-14629

CVE.ORG link : CVE-2018-14629

JSON object : View

Products Affected

debian

debian_linux

samba

samba

canonical

ubuntu_linux

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-400

Uncontrolled Resource Consumption

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2018-14629

6.5^/10

4.0^/10

Attach tags to `CVE-2018-14629`