[Samba] CVE-2019-14907 impact on smbd daemon
Andrew Bartlett
abartlet at samba.org
Fri Jan 24 06:16:53 UTC 2020
On Fri, 2020-01-24 at 05:04 +0000, Madhappan, Silambarasan via samba wrote:
> Hi Team,
>
> I am looking for more clarity of the impact of CVE-2019-14907 on smbd daemon.
> On HP-UX we have not enabled AD DC feature.
> The detailed announcement of CVE-2019-14907 <https://www.samba.org/samba/security/CVE-2019-14907.html> provides the information below.
> "(In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless)."
> Does it mean only the child process will be killed and the smbd daemon will continue serving other client threads?
Yes.
> Please provide more information on how a crash is harmless.
In smbd only the child process handles NTLMSSP, and we consider a NULL
pointer de-reference like this to be a 'self Denial Of Service' in that
case and so not a security concern.
On the other hand, this flaw is in common library code and an
exhaustive search for other callers across the code-base was not done,
mostly because this was such a line-ball call in the first place:
running a server for long periods at log level 3 is pretty rare.
If you wanted to start such a search, I would note that there are
almost certainly code paths that do character conversion in long-lived
processes (eg nmbd, winbindd) and in the prefork children of the off-
by-default 'spoolssd' and 'lsassd' modes of smbd.
I realise this is less definitive than you would have liked but hope
this clarifies things,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
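As an added illustration of the process-per-client point above (a constructed model, not Samba's code, assuming a POSIX fork()/waitpid() environment): the parent forks one child per client, a NULL dereference in one child kills only that child, and the parent records the signal and keeps serving.

```c
/* Constructed model (not Samba code) of smbd's process-per-client design:
 * the parent forks one child per client, so a NULL dereference in a child
 * kills only that child and the parent keeps serving the other clients. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

struct serve_stats {
    int served;       /* children that exited normally */
    int crashed;      /* children killed by a signal */
    int last_signal;  /* signal that killed the last crashed child */
};
/* Stand-in for per-client work such as NTLMSSP handling; with `faulty` set
 * it dereferences NULL (volatile stops the compiler dropping the store). */
static void handle_client(int faulty) {
    if (faulty) {
        volatile int *p = NULL;
        *p = 1;                       /* SIGSEGV: only this child dies */
    }
}

/* Fork one child per client; client `faulty_client` hits the crash path. */
struct serve_stats serve_clients(int nclients, int faulty_client) {
    struct serve_stats st = {0, 0, 0};
    for (int i = 0; i < nclients; i++) {
        pid_t pid = fork();
        if (pid < 0) { perror("fork"); exit(1); }
        if (pid == 0) {               /* child: serve one client, then exit */
            handle_client(i == faulty_client);
            _exit(0);
        }
        int status = 0;               /* parent: reap, record, carry on */
        waitpid(pid, &status, 0);
        if (WIFSIGNALED(status)) {
            st.crashed++;
            st.last_signal = WTERMSIG(status);
        } else if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
            st.served++;
        }
    }
    return st;
}

int main(void) {
    struct serve_stats st = serve_clients(4, 1);  /* second client crashes */
    printf("served=%d crashed=%d signal=%d\n", st.served, st.crashed, st.last_signal);
    return 0;
}
```

The same fault in a long-lived single process (the nmbd or winbindd case the reply warns about) would instead take the whole service down, which is why the distinction matters for risk rating.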