Bug 1825731 (CVE-2020-10700)
Summary: | CVE-2020-10700 samba: Use-after-free in Samba AD DC LDAP Server with ASQ | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abokovoy, anoopcs, asn, gdeschner, hvyas, iboukris, iboukris, jarrpa, jstephen, lmohanty, madam, puebele, rhs-smb, sbose, security-response-team, ssorce, vbellur, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | samba 4.10.15, samba 4.11.8, samba 4.12.2 | Doc Type: | If docs needed, set a value |
Doc Text: |
A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-28 10:23:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1828870 | ||
Bug Blocks: | 1825732 |
Description
Huzaifa S. Sidhpurwala
2020-04-20 04:15:34 UTC
Acknowledgments: Name: the Samba project Upstream: Andrei Popa Mitigation: As per upstream, the crash is hard to trigger, and relies in particular on the chain of child and grandchild links being queried with ASQ. Malicious users without write access will need to find a suitable chain within the existing directory layout. Statement: This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux as there is no support for samba as an Active Directory Domain Controller (AD DC). Similarly, the version of samba shipped with Red Hat Gluster Storage 3 is also not supported for use as an AD DC and, thus, is not affected by this vulnerability. External References: https://www.samba.org/samba/security/CVE-2020-10700.html Creating tracker bug for fedora-all, upon request from Gunther. Created samba tracking bugs for this issue: Affects: fedora-all [bug 1828870] |