PT-2020-5587 · Samba+4

Andrei Popa +1 · Published 2020-04-28 · Updated 2024-06-15 · CVE-2020-10700

CVSS v2.0: 5.4 Medium
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Samba versions prior to 4.10.15
Samba versions prior to 4.11.8
Samba versions prior to 4.12.2

Description

A use-after-free flaw was found in the way Samba AD DC LDAP servers handled the 'Paged Results' control combined with the 'ASQ' control. This issue can be exploited by a malicious user in a Samba AD to cause denial of service.

Recommendations

For versions prior to 4.10.15, update to version 4.10.15 or later.
For versions prior to 4.11.8, update to version 4.11.8 or later.
For versions prior to 4.12.2, update to version 4.12.2 or later.
As a temporary workaround, consider restricting access to the Paged Results and ASQ controls in the LDAP server until a patch is available.

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1888
ALT-PU-2020-1927
BDU:2021-01208
CVE-2020-10700
ECHO-03BD-5B98-B7C0
MGASA-2020-0205
OPENSUSE-SU-2020:1023-1
OPENSUSE-SU-2020:1313-1
OPENSUSE-SU-2020_1023-1
OPENSUSE-SU-2020_1313-1
OPENSUSE-SU-2024:10911-1
OPENSUSE-SU-2024:11365-1
SUSE-SU-2020:1948-1
SUSE-SU-2020:2673-1
SUSE-SU-2020_1948-1
USN-4341-1
USN-4341-3

Affected Products

Alt Linux
Linux Mint
Samba
SUSE
Ubuntu