[Samba] CVE-2019-14907 impact on smbd daemon

Madhappan, Silambarasan silambarasan.madhappan at hpe.com
Fri Jan 24 08:29:40 UTC 2020

Thank you, Andrew Bartlett, for the detailed clarification.

Thanks and Regards,
Silambarasan M

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Friday, January 24, 2020 11:47 AM
To: Madhappan, Silambarasan <silambarasan.madhappan at hpe.com>; samba at lists.samba.org
Subject: Re: [Samba] CVE-2019-14907 impact on smbd daemon

On Fri, 2020-01-24 at 05:04 +0000, Madhappan, Silambarasan via samba
> Hi Team,
> I am looking for more clarity of the impact of CVE-2019-14907 on smbd daemon.
> On HP-UX we have not enabled AD DC feature.
> The detailed announcement of CVE-2019-14907 <https://www.samba.org/samba/security/CVE-2019-14907.html> provides the information below.
> "(In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless)."
> Does it mean only the child process will be killed and the smbd daemon will continue serving other client threads?


> Please provide more information on how a crash is harmless.

In smbd only the child process handles NTLMSSP, and we consider a NULL pointer de-reference like this to be a 'self Denial Of Service' in that case and so not a security concern.

On the other hand, this flaw is in common library code and an exhaustive search for other callers across the code-base was not done, mostly because this was such a line-ball call in the first place: running a server for long periods at log level 3 is pretty rare.

If you wanted to start such a search, I would note that there are almost certainly code paths that do character conversion in long-lived processes (e.g. nmbd, winbindd) and in the prefork children of the off-by-default 'spoolssd' and 'lsassd' modes of smbd.

I realise this is less definitive than you would have liked but hope this clarifies things,

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/ 
Authentication Developer, Samba Team  http://samba.org 
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba 
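
The process-per-client point from the reply above, as an added C example that is not part of the thread or of Samba's code: each constructed client is handled in its own forked child, so the one that hits a NULL dereference ends only its own process, while a single long-lived worker (the nmbd/winbindd-style case mentioned above) stops serving everyone. `handle_client`, `run_in_child` and the sample client list are hypothetical names.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample: the NULL entry models the one client whose input
 * reaches a NULL pointer dereference. All names here are hypothetical. */
static const char *const SAMPLE_CLIENTS[] = { "alice", NULL, "bob" };

/* Stand-in for per-client work: walks the string, so NULL faults. */
static void handle_client(const char *name) {
    for (const volatile char *p = name; *p != '\0'; p++)
        ;
}

/* Handle clients[from..to) in one forked process; 1 if it exited cleanly. */
static int run_in_child(const char *const clients[], int from, int to) {
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return 0;
    if (pid == 0) {
        for (int i = from; i < to; i++)
            handle_client(clients[i]);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Process-per-client: one child per client; returns clients served. */
int per_client_served(const char *const clients[], int n) {
    int served = 0;
    for (int i = 0; i < n; i++)
        served += run_in_child(clients, i, i + 1);
    return served;
}

/* One long-lived worker for all clients: 1 only if it survived them all. */
int long_lived_survives(const char *const clients[], int n) {
    return run_in_child(clients, 0, n);
}

int main(void) {
    printf("per-client: %d of 3 served\n", per_client_served(SAMPLE_CLIENTS, 3));
    printf("long-lived survived: %d\n", long_lived_survives(SAMPLE_CLIENTS, 3));
    return 0;
}
```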
