CVE-2019-12435

Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00023.html
http://www.securityfocus.com/bid/108825
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSG3TLPZP35RH5DWAIDC7MHXRK5DFKOE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/
https://usn.ubuntu.com/4018-1/
https://www.samba.org/samba/security/CVE-2019-12435.html	Vendor Advisory
https://www.synology.com/security/advisory/Synology_SA_19_27

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

History

No history.

Information

Published : 2019-06-19 12:15

Updated : 2023-11-07 03:03

NVD link : CVE-2019-12435

Mitre link : CVE-2019-12435

CVE.ORG link : CVE-2019-12435

JSON object : View

Products Affected

samba

samba

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2019-12435", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-06-19T12:15:10.140", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00023.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/108825", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSG3TLPZP35RH5DWAIDC7MHXRK5DFKOE/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4018-1/", "source": "cve@mitre.org"}, {"url": "https://www.samba.org/samba/security/CVE-2019-12435.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_27", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process."}, {"lang": "es", "value": "Samba versi\u00f3n 4.9.x anterior a 4.9.9 y versi\u00f3n 4.10.x anterior a 4.10.5, presenta una desreferencia de puntero NULL, lo que conlleva a la denegaci\u00f3n de servicio. Esto est\u00e1 relacionado al proceso del servidor RPC del servidor de administraci\u00f3n DNS (dnsserver) DC basado en AD."}], "lastModified": "2023-11-07T03:03:35.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD79B527-430D-4205-9062-AA036246DE49", "versionEndExcluding": "4.9.9", "versionStartIncluding": "4.9.0"}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C4CBDEC-BB50-46E1-8E8D-9B3106BB8EF9", "versionEndExcluding": "4.10.5", "versionStartIncluding": "4.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}