CVE-2020-10700

A use-after-free flaw was found in the way Samba AD DC LDAP servers handled the 'Paged Results' control when it is combined with the 'ASQ' control. A malicious user in a Samba AD could use this flaw to cause a denial of service. This issue affects all Samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.3 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |

EPSS Score percentile: 86%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| samba | samba | 4.10.0 ≤ 𝑥 < 4.10.15 |
| samba | samba | 4.11.0 ≤ 𝑥 < 4.11.8 |
| samba | samba | 4.12.0 ≤ 𝑥 < 4.12.2 |
| opensuse | leap | 15.2 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| samba | bookworm | 2:4.17.12+dfsg-0+deb12u1 | fixed |
| samba | bookworm (security) | 2:4.17.12+dfsg-0+deb12u1 | fixed |
| samba | bullseye | 2:4.13.13+dfsg-1~deb11u6 | fixed |
| samba | bullseye (security) | 2:4.13.13+dfsg-1~deb11u6 | fixed |
| samba | buster | | not-affected |
| samba | jessie | | not-affected |
| samba | sid | 2:4.21.1+dfsg-2 | fixed |
| samba | stretch | | not-affected |
| samba | trixie | 2:4.21.1+dfsg-2 | fixed |

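Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| samba | bionic | | not-affected |
| samba | eoan | Fixed 2:4.10.7+dfsg-0ubuntu2.5 | released |
| samba | focal | Fixed 2:4.11.6+dfsg-0ubuntu1.1 | released |
| samba | trusty | | not-affected |
| samba | xenial | | not-affected |
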
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| ldb-tools | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| ldb-tools | suse enterprise desktop 15 SP3 | 2.2.1-1.1 | fixed |
| ldb-tools | suse enterprise desktop 15 SP4 | 2.4.1-150400.2.5 | fixed |
| ldb-tools | suse enterprise desktop 15 SP5 | 2.6.2-150500.1.1 | fixed |
| ldb-tools | suse enterprise desktop 15 SP6 | 2.8.0-150600.1.4 | fixed |
| ldb-tools | suse enterprise sap 12 SP5 | 1.5.8-3.5.1 | fixed |
| ldb-tools | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| ldb-tools | suse enterprise sap 15 SP3 | 2.2.1-1.1 | fixed |
| ldb-tools | suse enterprise sap 15 SP4 | 2.4.1-150400.2.5 | fixed |
| ldb-tools | suse enterprise sap 15 SP5 | 2.6.2-150500.1.1 | fixed |
| ldb-tools | suse enterprise sap 15 SP6 | 2.8.0-150600.1.4 | fixed |
| ldb-tools | suse enterprise server 12 SP5 | 1.5.8-3.5.1 | fixed |
| ldb-tools | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |
| ldb-tools | suse enterprise server 15 SP3 | 2.2.1-1.1 | fixed |
| ldb-tools | suse enterprise server 15 SP4 | 2.4.1-150400.2.5 | fixed |
| ldb-tools | suse enterprise server 15 SP5 | 2.6.2-150500.1.1 | fixed |
| ldb-tools | suse enterprise server 15 SP6 | 2.8.0-150600.1.4 | fixed |
| libldb-devel | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb-devel | suse enterprise desktop 15 SP3 | 2.2.1-1.1 | fixed |
| libldb-devel | suse enterprise desktop 15 SP4 | 2.4.1-150400.2.5 | fixed |
| libldb-devel | suse enterprise desktop 15 SP5 | 2.6.2-150500.1.1 | fixed |
| libldb-devel | suse enterprise desktop 15 SP6 | 2.8.0-150600.1.4 | fixed |
| libldb-devel | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb-devel | suse enterprise sap 15 SP3 | 2.2.1-1.1 | fixed |
| libldb-devel | suse enterprise sap 15 SP4 | 2.4.1-150400.2.5 | fixed |
| libldb-devel | suse enterprise sap 15 SP5 | 2.6.2-150500.1.1 | fixed |
| libldb-devel | suse enterprise sap 15 SP6 | 2.8.0-150600.1.4 | fixed |
| libldb-devel | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb-devel | suse enterprise server 15 SP3 | 2.2.1-1.1 | fixed |
| libldb-devel | suse enterprise server 15 SP4 | 2.4.1-150400.2.5 | fixed |
| libldb-devel | suse enterprise server 15 SP5 | 2.6.2-150500.1.1 | fixed |
| libldb-devel | suse enterprise server 15 SP6 | 2.8.0-150600.1.4 | fixed |
| libldb1 | suse enterprise sap 12 SP5 | 1.5.8-3.5.1 | fixed |
| libldb1 | suse enterprise server 12 SP5 | 1.5.8-3.5.1 | fixed |
| libldb1-32bit | suse enterprise sap 12 SP5 | 1.5.8-3.5.1 | fixed |
| libldb1-32bit | suse enterprise server 12 SP5 | 1.5.8-3.5.1 | fixed |
| libldb2 | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb2 | suse enterprise desktop 15 SP3 | 2.2.1-1.1 | fixed |
| libldb2 | suse enterprise desktop 15 SP4 | 2.4.1-150400.2.5 | fixed |
| libldb2 | suse enterprise desktop 15 SP5 | 2.6.2-150500.1.1 | fixed |
| libldb2 | suse enterprise desktop 15 SP6 | 2.8.0-150600.1.4 | fixed |
| libldb2 | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb2 | suse enterprise sap 15 SP3 | 2.2.1-1.1 | fixed |
| libldb2 | suse enterprise sap 15 SP4 | 2.4.1-150400.2.5 | fixed |
| libldb2 | suse enterprise sap 15 SP5 | 2.6.2-150500.1.1 | fixed |
| libldb2 | suse enterprise sap 15 SP6 | 2.8.0-150600.1.4 | fixed |
| libldb2 | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb2 | suse enterprise server 15 SP3 | 2.2.1-1.1 | fixed |
| libldb2 | suse enterprise server 15 SP4 | 2.4.1-150400.2.5 | fixed |
| libldb2 | suse enterprise server 15 SP5 | 2.6.2-150500.1.1 | fixed |
| libldb2 | suse enterprise server 15 SP6 | 2.8.0-150600.1.4 | fixed |
| libldb2-32bit | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb2-32bit | suse enterprise desktop 15 SP3 | 2.2.1-1.1 | fixed |
| libldb2-32bit | suse enterprise desktop 15 SP4 | 2.4.1-150400.2.5 | fixed |
| libldb2-32bit | suse enterprise desktop 15 SP5 | 2.6.2-150500.1.1 | fixed |
| libldb2-32bit | suse enterprise desktop 15 SP6 | 2.8.0-150600.1.4 | fixed |
| libldb2-32bit | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb2-32bit | suse enterprise sap 15 SP3 | 2.2.1-1.1 | fixed |
| libldb2-32bit | suse enterprise sap 15 SP4 | 2.4.1-150400.2.5 | fixed |
| libldb2-32bit | suse enterprise sap 15 SP5 | 2.6.2-150500.1.1 | fixed |
| libldb2-32bit | suse enterprise sap 15 SP6 | 2.8.0-150600.1.4 | fixed |
| libldb2-32bit | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb2-32bit | suse enterprise server 15 SP3 | 2.2.1-1.1 | fixed |
| libldb2-32bit | suse enterprise server 15 SP4 | 2.4.1-150400.2.5 | fixed |
| libldb2-32bit | suse enterprise server 15 SP5 | 2.6.2-150500.1.1 | fixed |
| libldb2-32bit | suse enterprise server 15 SP6 | 2.8.0-150600.1.4 | fixed |
| python3-ldb | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb | suse enterprise desktop 15 SP3 | 2.2.1-1.1 | fixed |
| python3-ldb | suse enterprise desktop 15 SP4 | 2.4.1-150400.2.5 | fixed |
| python3-ldb | suse enterprise desktop 15 SP5 | 2.6.2-150500.1.1 | fixed |
| python3-ldb | suse enterprise desktop 15 SP6 | 2.8.0-150600.1.4 | fixed |
| python3-ldb | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb | suse enterprise sap 15 SP3 | 2.2.1-1.1 | fixed |
| python3-ldb | suse enterprise sap 15 SP4 | 2.4.1-150400.2.5 | fixed |
| python3-ldb | suse enterprise sap 15 SP5 | 2.6.2-150500.1.1 | fixed |
| python3-ldb | suse enterprise sap 15 SP6 | 2.8.0-150600.1.4 | fixed |
| python3-ldb | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb | suse enterprise server 15 SP3 | 2.2.1-1.1 | fixed |
| python3-ldb | suse enterprise server 15 SP4 | 2.4.1-150400.2.5 | fixed |
| python3-ldb | suse enterprise server 15 SP5 | 2.6.2-150500.1.1 | fixed |
| python3-ldb | suse enterprise server 15 SP6 | 2.8.0-150600.1.4 | fixed |
| python3-ldb-devel | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb-devel | suse enterprise desktop 15 SP3 | 2.2.1-1.1 | fixed |
| python3-ldb-devel | suse enterprise desktop 15 SP4 | 2.4.1-150400.2.5 | fixed |
| python3-ldb-devel | suse enterprise desktop 15 SP5 | 2.6.2-150500.1.1 | fixed |
| python3-ldb-devel | suse enterprise desktop 15 SP6 | 2.8.0-150600.1.4 | fixed |
| python3-ldb-devel | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb-devel | suse enterprise sap 15 SP3 | 2.2.1-1.1 | fixed |
| python3-ldb-devel | suse enterprise sap 15 SP4 | 2.4.1-150400.2.5 | fixed |
| python3-ldb-devel | suse enterprise sap 15 SP5 | 2.6.2-150500.1.1 | fixed |
| python3-ldb-devel | suse enterprise sap 15 SP6 | 2.8.0-150600.1.4 | fixed |
| python3-ldb-devel | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb-devel | suse enterprise server 15 SP3 | 2.2.1-1.1 | fixed |
| python3-ldb-devel | suse enterprise server 15 SP4 | 2.4.1-150400.2.5 | fixed |
| python3-ldb-devel | suse enterprise server 15 SP5 | 2.6.2-150500.1.1 | fixed |
| python3-ldb-devel | suse enterprise server 15 SP6 | 2.8.0-150600.1.4 | fixed |