Samba
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*
- >= 4.0
A denial-of-service vulnerability has been identified in the WINS server component of Samba when it is configured as an Active Directory Domain Controller. The issue arises because the WINS protocol handlers for certain request types fail to properly validate incoming packets. This flaw allows an unauthenticated remote attacker to send specially crafted UDP packets that trigger a NULL pointer dereference, causing the WINS service to crash. Although the service may automatically restart, the vulnerability can be easily exploited repeatedly, leading to continuous unavailability of the WINS service.
Exploitation of this vulnerability causes the WINS service to crash, creating a denial-of-service condition. The service may restart automatically, but the vulnerability can be easily repeated, causing ongoing disruption.
To address this vulnerability, Samba administrators should upgrade to Samba versions 4.22.10, 4.23.8, or 4.24.3, all of which include the necessary patch. For deployments that do not require Samba's WINS functionality, WINS support can be disabled by removing the 'wins support = yes' setting from the Samba configuration.
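As an added example (not Samba's code and not from the advisory), a POSIX shell check an administrator can run to see whether a host combines an unpatched release with WINS enabled. It assumes the version string format printed by `smbd --version` ("Version 4.x.y") and a plain-text smb.conf; the sample configuration and version below are constructed.

```shell
#!/bin/sh
# Added example: flag a host on an unpatched Samba release that also has
# "wins support = yes". Fixed per the advisory: 4.22.10, 4.23.8, 4.24.3.
# Assumed: older 4.x branches have no fix (affected); >4.24 treated as fixed.
# Returns 0 when "4.22.5", "4.23.2-Debian" or "Version 4.10.0" is affected.
samba_version_affected() {
  ver=${1#Version }
  major=${ver%%.*}
  rest=${ver#*.}
  case "$rest" in
    *.*) minor=${rest%%.*}; patch=${rest#*.} ;;
    *)   minor=$rest;       patch=0 ;;
  esac
  patch=${patch%%[!0-9]*}          # drop packaging suffixes such as "-Debian"
  [ -n "$patch" ] || patch=0
  [ "$major" = 4 ] || return 1
  case "$minor" in
    22) [ "$patch" -lt 10 ] ;;
    23) [ "$patch" -lt 8 ] ;;
    24) [ "$patch" -lt 3 ] ;;
    *)  [ "$minor" -lt 22 ] ;;
  esac
}
# Returns 0 when the last uncommented "wins support" line enables WINS; names
# are case-insensitive with optional internal whitespace, booleans yes/true/1.
wins_support_enabled() {
  val=$(grep -iE '^[[:space:]]*wins[[:space:]]*support[[:space:]]*=' "$1" |
        tail -n 1 | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//' |
        tr '[:upper:]' '[:lower:]')
  case "$val" in yes|true|1) return 0 ;; *) return 1 ;; esac
}
# usage: check_host <version> <smb.conf>; returns 0 (and says so) when exposed.
check_host() {
  if samba_version_affected "$1" && wins_support_enabled "$2"; then
    echo "EXPOSED: Samba $1 with WINS enabled; upgrade or remove 'wins support = yes'"
    return 0
  fi
  echo "not exposed: Samba $1"
  return 1
}
# Constructed sample smb.conf and version (not taken from any real host).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
[global]
    server role = active directory domain controller
    # wins support = no
    WINS Support = Yes
EOF
check_host "4.23.2" "$SAMPLE_CONF"
```

On a real host, feed it the output of `smbd --version` and the path of the active smb.conf; a hit means either upgrade to a fixed release or drop the `wins support` line.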