CVE-2020-10704

A flaw was found when using Samba as an Active Directory Domain Controller. Due to the way Samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all Samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

EPSS Score percentile: 94%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| samba | samba | 4.0.0 ≤ x < 4.10.15 |
| samba | samba | 4.11.0 ≤ x < 4.11.8 |
| samba | samba | 4.12.0 ≤ x < 4.12.2 |
| opensuse | leap | 15.2 |
| debian | debian_linux | 9.0 |

x = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| samba | bookworm | 2:4.17.12+dfsg-0+deb12u1 | fixed |
| samba | bookworm (security) | 2:4.17.12+dfsg-0+deb12u1 | fixed |
| samba | bullseye | 2:4.13.13+dfsg-1~deb11u6 | fixed |
| samba | bullseye (security) | 2:4.13.13+dfsg-1~deb11u6 | fixed |
| samba | buster | | postponed |
| samba | sid | 2:4.21.1+dfsg-2 | fixed |
| samba | trixie | 2:4.21.1+dfsg-2 | fixed |

Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| samba | bionic | Fixed 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 | released |
| samba | eoan | Fixed 2:4.10.7+dfsg-0ubuntu2.5 | released |
| samba | focal | Fixed 2:4.11.6+dfsg-0ubuntu1.1 | released |
| samba | trusty | Fixed 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6 | released |
| samba | xenial | Fixed 2:4.3.11+dfsg-0ubuntu0.16.04.26 | released |

openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| ldb-tools | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| ldb-tools | suse enterprise sap 12 SP5 | 1.5.8-3.5.1 | fixed |
| ldb-tools | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| ldb-tools | suse enterprise server 12 SP5 | 1.5.8-3.5.1 | fixed |
| ldb-tools | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb-devel | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb-devel | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb-devel | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb1 | suse enterprise sap 12 SP5 | 1.5.8-3.5.1 | fixed |
| libldb1 | suse enterprise server 12 SP5 | 1.5.8-3.5.1 | fixed |
| libldb1-32bit | suse enterprise sap 12 SP5 | 1.5.8-3.5.1 | fixed |
| libldb1-32bit | suse enterprise server 12 SP5 | 1.5.8-3.5.1 | fixed |
| libldb2 | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb2 | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb2 | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb2-32bit | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb2-32bit | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| libldb2-32bit | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb-devel | suse enterprise desktop 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb-devel | suse enterprise sap 15 SP2 | 2.0.12-3.3.1 | fixed |
| python3-ldb-devel | suse enterprise server 15 SP2 | 2.0.12-3.3.1 | fixed |