The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward, which, if exploited, could be used to cause a denial-of-service (DoS) condition.

One vulnerability affecting the free software platform is a DoS bug in the DNS management server, which could allow an authenticated user to crash the Samba AD DC's RPC server process via a NULL pointer dereference.

The other vulnerability is a Samba AD DC LDAP server crash, which affects all versions of Samba since Samba 4.10.0 and could let a user with read access to the directory cause a NULL pointer dereference using the paged search control.

The Cybersecurity and Infrastructure Security Agency (CISA) encouraged users and administrators to review Samba's security announcements for the two vulnerabilities and to apply the necessary updates.