SB2020110205 - OpenSUSE Linux update for samba
Published: November 2, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-14318)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to the way "ChangeNotify" concept for SMB1/2/3 protocols was implemented in Samba. A missing permissions check on a directory handle requesting ChangeNotify means that a client with a directory handle open only for FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change notify replies from the server. These replies contain information that should not be available to directory handles open for FILE_READ_ATTRIBUTE only. A local unprivileged user can abuse this lack of permissions check to obtain information about file changes.
2) NULL pointer dereference (CVE-ID: CVE-2020-14323)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when processing requests in winbind in Samba. A remote user can send specially crafted request to winbind daemon, trigger a NULL pointer dereference error and crash it.
3) Memory corruption (CVE-ID: CVE-2020-14383)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing DNS records. A remote user
with ability to create MX or NS records with absent properties can trigger the RPC service to dereference uninitialized memory and will result in denial of service attack against the RPC service.Remediation
Install update from vendor's website.