ALT-PU-2020-1888-1

Package update samba in branch sisyphus

Version4.11.8-alt1

Published2020-04-29

Max severityHIGH

Severity:

Closed issues (4)

HIGH7.5

Уязвимость сервера LDAP пакета программ сетевого взаимодействия Samba, настроенного как контроллер домена Active Directory, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-08-26Modified: 2024-09-16

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2020-10704

MEDIUM5.3

Уязвимость LDAP-сервера samba AD DC, связанная с ошибками при обработке элементов управления «Paged Results» и «ASQ», позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-03-11Modified: 2024-09-16

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:C

References

CVE-2020-10700

MEDIUM5.3

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Published: 2020-05-04Modified: 2024-11-21

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

References

HIGH7.5

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Published: 2020-05-06Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References