Description
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as
used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7,
and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote
attackers to cause a denial of service (infinite loop) via crafted packets.
Notes
mdeslaur | says 4.0.0 to 4.3.2, need to check precise
         | may require ldb update
Package
Upstream: | needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): | DNE (precise was released [1:1.1.4-1ubuntu0.1])
Ubuntu 14.04 ESM (Trusty Tahr): | released (1:1.1.16-1ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus): | released (2:1.1.24-1ubuntu1)
Package
Upstream: | released (4.3.3,4.2.7,4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin): | not-affected (2:3.6.3-2ubuntu2.12)
Ubuntu 14.04 ESM (Trusty Tahr): | released (2:4.1.6+dfsg-1ubuntu2.14.04.11)
Ubuntu 16.04 LTS (Xenial Xerus): | released (2:4.3.3+dfsg-1ubuntu1)
Patches:
Package
Upstream: | released (4.3.3,4.2.7,4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin): | DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
Updated: 2019-12-05 18:41:04 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)