Samba security updates address Samba flaws that could be used to execute DoS attacks

The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward, which, if exploited, could be used to carry out a denial-of-service (DoS) attack.

One vulnerability affecting the free software platform is a DoS bug in the DNS management server, which could allow an authenticated user to crash the Samba AD DC's RPC server process via a NULL pointer de-reference.

The other vulnerability is a Samba AD DC LDAP server crash, which affects all versions of Samba since Samba 4.10.0 and could let a user with read access to the directory cause a NULL pointer de-reference using the paged search control.

The Cybersecurity and Infrastructure Security Agency (CISA) encouraged users and administrators to review Samba's security announcements for the two vulnerabilities and to apply the necessary updates.
