Synology-SA-19:27 Samba AD DC

Publish Time: 2019-06-21 17:16:00 UTC+8

Last Updated: 2019-06-21 17:16:00 UTC+8

Severity: Not affected

Status: Resolved

Abstract

No Synology products are affected by CVE-2019-12435 or CVE-2019-12436, as these vulnerabilities only affect Samba 4.9 and later.

Affected Products

Product | Severity | Fixed Release Availability
Directory Server for Windows Domain | Not affected | N/A

Mitigation

None

Detail

  • CVE-2019-12435

    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.
  • CVE-2019-12436

    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.
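
The affected ranges listed above can be checked against a Samba version banner with a short script. This is an added example, not part of Synology's advisory or tooling; the function names and the sample banners are constructed for illustration.

```python
import re

# Affected ranges exactly as stated in the Detail section:
# (inclusive lower bound, exclusive upper bound) per release series.
AFFECTED = {
    "CVE-2019-12435": [((4, 9, 0), (4, 9, 9)), ((4, 10, 0), (4, 10, 5))],
    "CVE-2019-12436": [((4, 10, 0), (4, 10, 5))],
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_samba_version(banner):
    """Extract (major, minor, patch) from a banner such as 'Version 4.10.4-Ubuntu'."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError(f"no x.y.z version found in {banner!r}")
    return tuple(int(part) for part in m.groups())


def affected_cves(banner):
    """Return the sorted CVE IDs whose affected range contains this version."""
    version = parse_samba_version(banner)
    return sorted(
        cve
        for cve, ranges in AFFECTED.items()
        if any(low <= version < high for low, high in ranges)
    )


if __name__ == "__main__":
    # Constructed sample banners, not taken from any Synology product.
    for banner in ("Version 4.4.16", "Version 4.9.8", "Version 4.9.9",
                   "Version 4.10.4-Ubuntu", "Version 4.10.5"):
        print(f"{banner:24} -> {affected_cves(banner) or 'not affected'}")
```

A match on the version number alone is a prompt to check the vendor's own advisory: distributions that backport fixes often keep the upstream version string unchanged.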

Reference

Revision

Revision | Date | Description
1 | 2019-06-21 | Initial public release.