PT-2020-3688 · Samba+4

Huzaifa S. Sidhpurwala · Published 2020-04-20 · Updated 2024-06-15 · CVE-2020-10704

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

samba versions prior to 4.10.15
samba versions prior to 4.11.8
samba versions prior to 4.12.2

Description

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability.

Recommendations

For samba versions prior to 4.10.15, update to version 4.10.15 or later.
For samba versions prior to 4.11.8, update to version 4.11.8 or later.
For samba versions prior to 4.12.2, update to version 4.12.2 or later.

Exploit

Fix

DoS

Resource Exhaustion

Buffer Overflow

Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1888
ALT-PU-2020-1927
BDU:2020-04036
CVE-2020-10704
DLA-2463-1
ECHO-651D-AA48-5DC7
MGASA-2020-0205
OPENSUSE-SU-2020:0601-1
OPENSUSE-SU-2020:1023-1
OPENSUSE-SU-2020:1313-1
OPENSUSE-SU-2020_0601-1
OPENSUSE-SU-2020_1023-1
OPENSUSE-SU-2020_1313-1
OPENSUSE-SU-2024:11365-1
SUSE-SU-2020:1132-1
SUSE-SU-2020:1133-1
SUSE-SU-2020:1948-1
SUSE-SU-2020:2673-1
SUSE-SU-2020_1132-1
SUSE-SU-2020_1133-1
USN-4341-1
USN-4341-2
USN-4341-3

Affected Products

Alt Linux
Linuxmint
Samba
Suse
Ubuntu