1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Security Announcement Archive</title>
11 <H2>CVE-2018-14629.html:</H2>
15 ====================================================================
16 == Subject: Unprivileged adding of CNAME record causing loop
17 == in AD Internal DNS server
19 == CVE ID#: CVE-2018-14629
21 == Versions: All versions of Samba from 4.0.0 onwards.
23 == Summary: CNAME loops can cause DNS server crashes, and CNAMEs
24 == can be added by unprivileged users.
26 ====================================================================
32 All versions of Samba from 4.0.0 onwards are vulnerable to infinite
33 query recursion caused by CNAME loops. Any dns record can be added via
34 ldap by an unprivileged user using the ldbadd tool, so this is a
41 Patches addressing both these issues have been posted to:
43 http://www.samba.org/samba/security/
45 Additionally, Samba 4.7.12, 4.8.7, and 4.9.3 have been issued as
46 security releases to correct the defect. Samba administrators are
47 advised to upgrade to these releases or apply the patch as soon as
54 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
60 The Samba AD DC can be configured to use BIND9 for DNS.
62 This is done by running
63 samba_upgradedns --dns-backend=BIND9_DLZ
64 and then disabling the 'dns' service in the smb.conf (eg 'server services =
71 The initial bug was found by Florian Stülpner
73 Aaron Haslett of Catalyst did the investigation and wrote the patch.