Candidate: CVE-2018-1140
CRD: 2018-08-14
PublicDate: 2018-08-22 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1140
Description:
 A missing input sanitization flaw was found in the implementation of LDP
 database used for the LDAP server. An attacker could use this flaw to
 cause a denial of service against a Samba server used as an Active
 Directory Domain Controller. All versions of Samba from 4.8.0 onwards are
 vulnerable.
Ubuntu-Description:
Notes:
 mdeslaur> 4.8.0+ only
Bugs:
 https://bugzilla.samba.org/show_bug.cgi?id=13374
Priority: medium
Discovered-by: Laurent Debomy and Andrej Gessel
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_samba:
upstream_samba: released (4.8.4)
precise/esm_samba: not-affected
trusty_samba: not-affected (2:4.3.11+dfsg-0ubuntu0.14.04.14)
trusty/esm_samba: not-affected (2:4.3.11+dfsg-0ubuntu0.14.04.14)
xenial_samba: not-affected (2:4.3.11+dfsg-0ubuntu0.16.04.13)
esm-infra/xenial_samba: not-affected (2:4.3.11+dfsg-0ubuntu0.16.04.13)
bionic_samba: not-affected (2:4.7.6+dfsg~ubuntu-0ubuntu2)
devel_samba: not-affected (2:4.7.6+dfsg~ubuntu-0ubuntu3)