PT-2020-5803 · Samba Team+7 · Libldb+7

Published: 2020-07-02 · Updated: 2024-06-15 · CVE-2020-10730

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.10.17; Samba versions prior to 4.11.11; Samba versions prior to 4.12.4
Description: The Samba AD LDAP server contains a flaw that allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference, with the highest threat being to system availability. The affected code is shipped with the libldb package.
Recommendations: For versions prior to 4.10.17, update to version 4.10.17 or later. For versions prior to 4.11.11, update to version 4.11.11 or later. For versions prior to 4.12.4, update to version 4.12.4 or later.

Exploit · Fix · DoS · NULL Pointer Dereference · Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2444
ALT-PU-2020-2476
BDU:2021-01766
BDU:2021-01768
CESA-2020_4568
CVE-2020-10730
DLA-2463-1
DSA-4884-1
ECHO-439C-0AA3-D718
MGASA-2020-0289
OPENSUSE-SU-2020:0984-1
OPENSUSE-SU-2020:1023-1
OPENSUSE-SU-2020:1121-1
OPENSUSE-SU-2020:1313-1
OPENSUSE-SU-2020_0984-1
OPENSUSE-SU-2020_1023-1
OPENSUSE-SU-2020_1121-1
OPENSUSE-SU-2020_1313-1
OPENSUSE-SU-2024:10911-1
OPENSUSE-SU-2024:11365-1
RHSA-2020:3118
RHSA-2020:3119
RHSA-2020:4568
RHSA-2020_4568
SUSE-SU-2020:1913-1
SUSE-SU-2020:1948-1
SUSE-SU-2020:2067-1
SUSE-SU-2020:2673-1
SUSE-SU-2020_1913-1
SUSE-SU-2020_2067-1
USN-4409-1

Affected Products

ALT Linux
CentOS
Linux Mint
Red Hat
Samba
SUSE
Ubuntu
Libldb