openEuler 20.03 LTS update for samba

Published: 2020-12-30

Risk	Medium
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2020-14383 CVE-2020-14323 CVE-2020-14318
CWE-ID	CWE-119 CWE-476 CWE-264
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	openEuler Operating systems & Components / Operating system samba-vfs-glusterfs Operating systems & Components / Operating system package or component samba-help Operating systems & Components / Operating system package or component samba-winbind-clients Operating systems & Components / Operating system package or component samba-dc-bind-dlz Operating systems & Components / Operating system package or component samba-winbind Operating systems & Components / Operating system package or component samba-devel Operating systems & Components / Operating system package or component samba-common Operating systems & Components / Operating system package or component samba-client Operating systems & Components / Operating system package or component samba-dc-provision Operating systems & Components / Operating system package or component libsmbclient Operating systems & Components / Operating system package or component libwbclient-devel Operating systems & Components / Operating system package or component samba-winbind-modules Operating systems & Components / Operating system package or component samba-common-tools Operating systems & Components / Operating system package or component ctdb-tests Operating systems & Components / Operating system package or component samba-debugsource Operating systems & Components / Operating system package or component samba-pidl Operating systems & Components / Operating system package or component python3-samba Operating systems & Components / Operating system package or component samba-test Operating systems & Components / Operating system package or component samba-debuginfo Operating systems & Components / Operating system package or component samba-krb5-printing Operating systems & Components / Operating system package or component ctdb Operating systems & Components / Operating system package or component samba-libs Operating systems & Components / Operating system package or component samba-dc Operating systems & Components / Operating system package or component libwbclient Operating systems & Components / Operating system package or component libsmbclient-devel Operating systems & Components / Operating system package or component python3-samba-test Operating systems & Components / Operating system package or component samba-winbind-krb5-locator Operating systems & Components / Operating system package or component python3-samba-dc Operating systems & Components / Operating system package or component samba Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU47993

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14383

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing DNS records. A remote user

with ability to create MX or NS records with absent properties can trigger the RPC service to dereference uninitialized memory and will result in denial of service attack against the RPC service.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS

samba-vfs-glusterfs: before 4.11.12-3

samba-help: before 4.11.12-3

samba-winbind-clients: before 4.11.12-3

samba-dc-bind-dlz: before 4.11.12-3

samba-winbind: before 4.11.12-3

samba-devel: before 4.11.12-3

samba-common: before 4.11.12-3

samba-client: before 4.11.12-3

samba-dc-provision: before 4.11.12-3

libsmbclient: before 4.11.12-3

libwbclient-devel: before 4.11.12-3

samba-winbind-modules: before 4.11.12-3

samba-common-tools: before 4.11.12-3

ctdb-tests: before 4.11.12-3

samba-debugsource: before 4.11.12-3

samba-pidl: before 4.11.12-3

python3-samba: before 4.11.12-3

samba-test: before 4.11.12-3

samba-debuginfo: before 4.11.12-3

samba-krb5-printing: before 4.11.12-3

ctdb: before 4.11.12-3

samba-libs: before 4.11.12-3

samba-dc: before 4.11.12-3

libwbclient: before 4.11.12-3

libsmbclient-devel: before 4.11.12-3

python3-samba-test: before 4.11.12-3

samba-winbind-krb5-locator: before 4.11.12-3

python3-samba-dc: before 4.11.12-3

samba: before 4.11.12-3

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1121

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU47991

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14323

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing requests in winbind in Samba. A remote user can send specially crafted request to winbind daemon, trigger a NULL pointer dereference error and crash it.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS

samba-vfs-glusterfs: before 4.11.12-3

samba-help: before 4.11.12-3

samba-winbind-clients: before 4.11.12-3

samba-dc-bind-dlz: before 4.11.12-3

samba-winbind: before 4.11.12-3

samba-devel: before 4.11.12-3

samba-common: before 4.11.12-3

samba-client: before 4.11.12-3

samba-dc-provision: before 4.11.12-3

libsmbclient: before 4.11.12-3

libwbclient-devel: before 4.11.12-3

samba-winbind-modules: before 4.11.12-3

samba-common-tools: before 4.11.12-3

ctdb-tests: before 4.11.12-3

samba-debugsource: before 4.11.12-3

samba-pidl: before 4.11.12-3

python3-samba: before 4.11.12-3

samba-test: before 4.11.12-3

samba-debuginfo: before 4.11.12-3

samba-krb5-printing: before 4.11.12-3

ctdb: before 4.11.12-3

samba-libs: before 4.11.12-3

samba-dc: before 4.11.12-3

libwbclient: before 4.11.12-3

libsmbclient-devel: before 4.11.12-3

python3-samba-test: before 4.11.12-3

samba-winbind-krb5-locator: before 4.11.12-3

python3-samba-dc: before 4.11.12-3

samba: before 4.11.12-3

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1121

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU47990

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14318

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the way "ChangeNotify" concept for SMB1/2/3 protocols was implemented in Samba. A missing permissions check on a directory handle requesting ChangeNotify means that a client with a directory handle open only for FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change notify replies from the server. These replies contain information that should not be available to directory handles open for FILE_READ_ATTRIBUTE only. A local unprivileged user can abuse this lack of permissions check to obtain information about file changes.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS

samba-vfs-glusterfs: before 4.11.12-3

samba-help: before 4.11.12-3

samba-winbind-clients: before 4.11.12-3

samba-dc-bind-dlz: before 4.11.12-3

samba-winbind: before 4.11.12-3

samba-devel: before 4.11.12-3

samba-common: before 4.11.12-3

samba-client: before 4.11.12-3

samba-dc-provision: before 4.11.12-3

libsmbclient: before 4.11.12-3

libwbclient-devel: before 4.11.12-3

samba-winbind-modules: before 4.11.12-3

samba-common-tools: before 4.11.12-3

ctdb-tests: before 4.11.12-3

samba-debugsource: before 4.11.12-3

samba-pidl: before 4.11.12-3

python3-samba: before 4.11.12-3

samba-test: before 4.11.12-3

samba-debuginfo: before 4.11.12-3

samba-krb5-printing: before 4.11.12-3

ctdb: before 4.11.12-3

samba-libs: before 4.11.12-3

samba-dc: before 4.11.12-3

libwbclient: before 4.11.12-3

libsmbclient-devel: before 4.11.12-3

python3-samba-test: before 4.11.12-3

samba-winbind-krb5-locator: before 4.11.12-3

python3-samba-dc: before 4.11.12-3

samba: before 4.11.12-3

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1121

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.