openEuler 20.03 LTS update for samba
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU29486
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-14303
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of UDp packets with 0 length data in Samba. A remote attacker can send a specially crafted UDP packet to port 137/TCP and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS
samba-winbind-modules: before 4.11.6-8
samba-winbind-krb5-locator: before 4.11.6-8
samba-winbind-clients: before 4.11.6-8
samba-winbind: before 4.11.6-8
samba-test: before 4.11.6-8
samba-pidl: before 4.11.6-8
samba-libs: before 4.11.6-8
samba-krb5-printing: before 4.11.6-8
samba-help: before 4.11.6-8
samba-devel: before 4.11.6-8
samba-debugsource: before 4.11.6-8
samba-debuginfo: before 4.11.6-8
samba-dc-provision: before 4.11.6-8
samba-dc-bind-dlz: before 4.11.6-8
samba-dc: before 4.11.6-8
samba-common-tools: before 4.11.6-8
samba-common: before 4.11.6-8
samba-client: before 4.11.6-8
python3-samba-test: before 4.11.6-8
python3-samba-dc: before 4.11.6-8
python3-samba: before 4.11.6-8
libwbclient-devel: before 4.11.6-8
libwbclient: before 4.11.6-8
libsmbclient-devel: before 4.11.6-8
libsmbclient: before 4.11.6-8
ctdb-tests: before 4.11.6-8
ctdb: before 4.11.6-8
samba: before 4.11.6-8
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) NULL pointer dereference
EUVDB-ID: #VU29483
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-10730
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Samba AD DC LDAP Server with ASQ, VLV and paged_results. A remote authenticated user can pass specially crafted data to the application and perform a denial of service (DoS) attack by triggering a NULL pointer dereference or us-after-free error.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS
samba-winbind-modules: before 4.11.6-8
samba-winbind-krb5-locator: before 4.11.6-8
samba-winbind-clients: before 4.11.6-8
samba-winbind: before 4.11.6-8
samba-test: before 4.11.6-8
samba-pidl: before 4.11.6-8
samba-libs: before 4.11.6-8
samba-krb5-printing: before 4.11.6-8
samba-help: before 4.11.6-8
samba-devel: before 4.11.6-8
samba-debugsource: before 4.11.6-8
samba-debuginfo: before 4.11.6-8
samba-dc-provision: before 4.11.6-8
samba-dc-bind-dlz: before 4.11.6-8
samba-dc: before 4.11.6-8
samba-common-tools: before 4.11.6-8
samba-common: before 4.11.6-8
samba-client: before 4.11.6-8
python3-samba-test: before 4.11.6-8
python3-samba-dc: before 4.11.6-8
python3-samba: before 4.11.6-8
libwbclient-devel: before 4.11.6-8
libwbclient: before 4.11.6-8
libsmbclient-devel: before 4.11.6-8
libsmbclient: before 4.11.6-8
ctdb-tests: before 4.11.6-8
ctdb: before 4.11.6-8
samba: before 4.11.6-8
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Use-after-free
EUVDB-ID: #VU29485
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-10760
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in Samba AD DC Global Catalog with paged_results and VLV. A remote user can send a specially crafted request to the LDAP server, trigger a use-after-free error and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS
samba-winbind-modules: before 4.11.6-8
samba-winbind-krb5-locator: before 4.11.6-8
samba-winbind-clients: before 4.11.6-8
samba-winbind: before 4.11.6-8
samba-test: before 4.11.6-8
samba-pidl: before 4.11.6-8
samba-libs: before 4.11.6-8
samba-krb5-printing: before 4.11.6-8
samba-help: before 4.11.6-8
samba-devel: before 4.11.6-8
samba-debugsource: before 4.11.6-8
samba-debuginfo: before 4.11.6-8
samba-dc-provision: before 4.11.6-8
samba-dc-bind-dlz: before 4.11.6-8
samba-dc: before 4.11.6-8
samba-common-tools: before 4.11.6-8
samba-common: before 4.11.6-8
samba-client: before 4.11.6-8
python3-samba-test: before 4.11.6-8
python3-samba-dc: before 4.11.6-8
python3-samba: before 4.11.6-8
libwbclient-devel: before 4.11.6-8
libwbclient: before 4.11.6-8
libsmbclient-devel: before 4.11.6-8
libsmbclient: before 4.11.6-8
ctdb-tests: before 4.11.6-8
ctdb: before 4.11.6-8
samba: before 4.11.6-8
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Resource exhaustion
EUVDB-ID: #VU29484
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-10745
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing NBT and DNS replies. A remote attacker can send a name in the reply to a NBT or DNS request and consume excessive CPU resources, resulting in denial of service conditions.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS
samba-winbind-modules: before 4.11.6-8
samba-winbind-krb5-locator: before 4.11.6-8
samba-winbind-clients: before 4.11.6-8
samba-winbind: before 4.11.6-8
samba-test: before 4.11.6-8
samba-pidl: before 4.11.6-8
samba-libs: before 4.11.6-8
samba-krb5-printing: before 4.11.6-8
samba-help: before 4.11.6-8
samba-devel: before 4.11.6-8
samba-debugsource: before 4.11.6-8
samba-debuginfo: before 4.11.6-8
samba-dc-provision: before 4.11.6-8
samba-dc-bind-dlz: before 4.11.6-8
samba-dc: before 4.11.6-8
samba-common-tools: before 4.11.6-8
samba-common: before 4.11.6-8
samba-client: before 4.11.6-8
python3-samba-test: before 4.11.6-8
python3-samba-dc: before 4.11.6-8
python3-samba: before 4.11.6-8
libwbclient-devel: before 4.11.6-8
libwbclient: before 4.11.6-8
libsmbclient-devel: before 4.11.6-8
libsmbclient: before 4.11.6-8
ctdb-tests: before 4.11.6-8
ctdb: before 4.11.6-8
samba: before 4.11.6-8
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
