CVE-2018-16852

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A NULL pointer de-reference issue has been found in samba from 4.9.0 up to and including 4.9.2, where a user able to create or modify dnsZone objects can crash the Samba AD DC's DNS management RPC server, DNS server or BIND9 when using Samba's DLZ plugin
Group Package Affected Fixed Severity Status Ticket
AVG-823 samba 4.9.2-1 4.9.3-1 High Fixed
Date Advisory Group Package Severity Description
28 Nov 2018 ASA-201811-22 AVG-823 samba High multiple issues
References
https://www.samba.org/samba/security/CVE-2018-16852.html
https://bugzilla.samba.org/show_bug.cgi?id=13669
https://github.com/samba-team/samba/commit/05f867db81f118215445f2c49eda4b9c3451d14a
https://github.com/samba-team/samba/commit/c78ca8b9b48a19e71f4d6ddd2e300f282fb0b247