[Samba] CVE-2019-14907 impact on smbd daemon
silambarasan.madhappan at hpe.com
Fri Jan 24 08:29:40 UTC 2020
Thank you, Andrew Bartlett for detailed clarification.
Thanks and Regards,
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Friday, January 24, 2020 11:47 AM
To: Madhappan, Silambarasan <silambarasan.madhappan at hpe.com>; samba at lists.samba.org
Subject: Re: [Samba] CVE-2019-14907 impact on smbd daemon
On Fri, 2020-01-24 at 05:04 +0000, Madhappan, Silambarasan via samba
> Hi Team,
> I am looking for more clarity on the impact of CVE-2019-14907 on the smbd daemon.
> On HP-UX we have not enabled AD DC feature.
> The detailed announcement of CVE-2019-14907 <https://www.samba.org/samba/security/CVE-2019-14907.html> provides the information below.
> "(In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless)."
> Does it mean only the child process will be killed and the smbd daemon will continue serving other client threads?
> Please provide more information on how a crash is harmless.
In smbd only the child process handles NTLMSSP, and we consider a NULL pointer de-reference like this to be a 'self Denial Of Service' in that case and so not a security concern.
On the other hand, this flaw is in common library code and an exhaustive search for other callers across the code-base was not done, mostly because this was such a line-ball call in the first place:
running a server for long periods at log level 3 is pretty rare.
If you wanted to start such a search, I would note that there are almost certainly code paths that do character conversion in long-lived processes (eg nmbd, winbindd) and in the prefork children of the off-by-default 'spoolssd' and 'lsassd' modes of smbd.
I realise this is less definitive than you would have liked but hope this clarifies things,
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
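The reply above ties the crash to running at log level 3 or higher, and notes that long-lived daemons (nmbd, winbindd, the prefork spoolssd/lsassd children) are the cases where that would matter. As an added example, not from this thread or from the Samba project, here is a small Python check that reads the `[global]` `log level` setting of an smb.conf and reports every effective level at or above 3. It assumes Samba's documented syntax `log level = N [class:N ...]` with `debug level` as a synonym and 0 as the default; which debug classes actually reach the affected code is not stated in the thread, so the check conservatively flags any class at or above the threshold.

```python
from typing import Dict, Tuple

# Constructed sample smb.conf for illustration (not a real deployment).
SAMPLE_SMB_CONF = """
[global]
   workgroup = EXAMPLE
   # a per-class override raises auth logging above the global default
   log level = 1 auth:3 smb2:2
   server role = standalone server

[share]
   path = /srv/share
"""

DEBUG_THRESHOLD = 3  # the thread ties the crash to log level 3 and above


def parse_log_level(conf_text: str) -> Tuple[int, Dict[str, int]]:
    """Return (global_level, {debug_class: level}) from the [global] section.

    Samba accepts 'log level' (synonym: 'debug level') as one number optionally
    followed by class:level overrides, e.g. 'log level = 1 auth:10 winbind:2'.
    A later occurrence replaces an earlier one, as Samba's parser does.
    """
    section = None
    global_level, classes = 0, {}  # Samba's default log level is 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # Samba treats '#'/';' lines as comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() not in ("log level", "debug level"):
            continue
        global_level, classes = 0, {}
        for token in value.split():
            if ":" in token:
                cls, lvl = token.split(":", 1)
                classes[cls.lower()] = int(lvl)
            else:
                global_level = int(token)
    return global_level, classes


def at_risk(conf_text: str, threshold: int = DEBUG_THRESHOLD) -> Dict[str, int]:
    """Map each effective level ('all' or a debug class) that reaches the threshold."""
    global_level, classes = parse_log_level(conf_text)
    hits = {"all": global_level} if global_level >= threshold else {}
    hits.update({c: lvl for c, lvl in classes.items() if lvl >= threshold})
    return hits
```

Run it against the real file by reading `/etc/samba/smb.conf` into `at_risk()`; an empty result means no logging class is configured at or above level 3.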