Synology-SA-19:27 Samba AD DC
Publish Time: 2019-06-21 17:16:00 UTC+8
Last Updated: 2019-06-21 17:16:00 UTC+8
- Severity: Not affected
- Status: Resolved
Abstract
None of Synology's products are affected by CVE-2019-12435 and CVE-2019-12436, as these vulnerabilities only affect Samba 4.9 and later.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
Directory Server for Windows Domain | Not affected | N/A |
Mitigation
None
Detail
CVE-2019-12435
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.
CVE-2019-12436
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.
Revision
Revision | Date | Description |
---|---|---|
1 | 2019-06-21 | Initial public release. |