===========================================================
== Subject:     ldb: Out of bound read in ldb_wildcard_compare
==
== CVE ID#:     CVE-2019-3824
==
== Versions:    Samba 4.9 and earlier
==
== Summary:     A user with read permission on the LDAP server
                can crash the shared LDAP server process of the Samba
		AD DC
===========================================================

===========
Description
===========

By using a search expression like (cn=test*multi*test*multi) an
authenticated user can crash the shared LDAP process of the AD DC

Note that in Samba 4.7 and later, the default is not to have a
shared LDAP process, unless -M prefork or -M single is specified on
the command line to 'samba'.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    http://www.samba.org/samba/security/

Because Samba 4.7 and later use the 'standard' process model (forking)
by default, earlier versions are unsupported and no data is returned,
no Samba security releases will be made.

Samba administrators are advised to upgrade to supported releases or apply
the patch as soon as possible.

==================
CVSSv3 calculation
==================

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

==========
Workaround
==========

If the Samba 4.7 or later AD DC is being run with the -M single or -M
prefork command line argument to the 'samba' binary, return to the
default (standard) mode.

=======
Credits
=======

Analysis by Garming Sam of Catalyst and the Samba Team

Patches provided by Lukas Slebodnik of Red Hat, advisory by Andrew
Bartlett of Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================