Vulnerability Details : CVE-2018-16851
Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.
Vulnerability category: Denial of service
Threat overview for CVE-2018-16851
Top countries where our scanners detected CVE-2018-16851
Top open port discovered on systems with this issue
445
IPs affected by CVE-2018-16851 144,390
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2018-16851!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2018-16851
Probability of exploitation activity in the next 30 days: 0.90%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-16851
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
Red Hat, Inc. |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2018-16851
-
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2018-16851
-
https://www.samba.org/samba/security/CVE-2018-16851.html
Samba - Security Announcement ArchivePatch;Vendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16851
1646377 – (CVE-2018-16851) CVE-2018-16851 samba: NULL pointer de-reference in Samba AD DC LDAP serverIssue Tracking;Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4345
Debian -- Security Information -- DSA-4345-1 sambaThird Party Advisory
-
https://usn.ubuntu.com/3827-1/
USN-3827-1: Samba vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://security.gentoo.org/glsa/202003-52
Samba: Multiple vulnerabilities (GLSA 202003-52) — Gentoo securityThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html
[SECURITY] [DLA 1607-1] samba security updateMailing List;Third Party Advisory
-
https://usn.ubuntu.com/3827-2/
USN-3827-2: Samba vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.securityfocus.com/bid/106027
Samba CVE-2018-16851 Remote Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://security.netapp.com/advisory/ntap-20181127-0001/
November 2018 Samba Vulnerabilities in NetApp StorageGRID Products | NetApp Product SecurityThird Party Advisory
Products affected by CVE-2018-16851
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*