ALT Linux Team

Package samba update in sisyphus on 2020-04-29

ALT-PU-2020-1888-1

Package samba updated to version 4.11.8-alt1 for branch sisyphus in task 250772.

Closed vulnerabilities

Published: 2020-04-20

BDU:2020-04036

Уязвимость сервера LDAP пакета программ сетевого взаимодействия Samba, настроенного как контроллер домена Active Directory, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-05-04

BDU:2021-01208

Уязвимость LDAP-сервера samba AD DC, связанная с ошибками при обработке элементов управления «Paged Results» и «ASQ», позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2020-05-05
Modified: 2024-11-21

CVE-2020-10700

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2020-05-06
Modified: 2024-11-21

CVE-2020-10704

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top