Bug 1825734 (CVE-2020-10704)
| Field | Value |
|---|---|
| Summary | CVE-2020-10704 samba: LDAP Denial of Service (stack overflow) in Samba AD DC |
| Product | [Other] Security Response |
| Reporter | Huzaifa S. Sidhpurwala `<huzaifas>` |
| Component | vulnerability |
| Assignee | Red Hat Product Security `<security-response-team>` |
| Status | CLOSED NOTABUG |
| QA Contact | |
| Severity | high |
| Docs Contact | |
| Priority | high |
| Version | unspecified |
| CC | abokovoy, anoopcs, asn, gdeschner, hvyas, iboukris, iboukris, jarrpa, jstephen, lmohanty, madam, puebele, rhs-smb, sbose, security-response-team, ssorce, vbellur, yozone |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | samba 4.10.15, samba 4.11.8, samba 4.12.2 |
| Doc Type | If docs needed, set a value |
| Doc Text | A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2020-04-28 10:22:59 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 1828872 |
| Bug Blocks | 1825732 |
Description

Huzaifa S. Sidhpurwala, 2020-04-20 04:37:03 UTC

Acknowledgments:
Name: the Samba project

Mitigation:
By default, Samba 4.10 is run using the "standard" process model, which would leave only the CLDAP server affected. (Later versions use "prefork".) This is controlled by the -M or --model parameter to the samba binary. All Samba versions are impacted if -M prefork or -M single is used. To mitigate this issue for LDAP only, select -M standard (however, this will use more memory, may allow resource exhaustion, and will still leave the CLDAP server exposed).

Statement:
This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux as there is no support for samba as an Active Directory Domain Controller (AD DC). Similarly, the version of samba shipped with Red Hat Gluster Storage 3 is also not supported for use as an AD DC and, thus, is not affected by this vulnerability.

External References:
https://www.samba.org/samba/security/CVE-2020-10704.html

Creating tracker bug for fedora-all, upon request from Gunther.

Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1828872]
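The mitigation above turns on which process model the samba binary is actually running with, which is easy to misjudge because the default changed between 4.10 and later releases. The following POSIX shell helper is an added example, not part of the advisory or of the Samba project: given a Samba version string and the daemon's command line, it reports the effective process model and whether the LDAP server (as opposed to only CLDAP) is exposed to this flaw. Assumptions, labelled in the code: the model flag is accepted as `-M x`, `-Mx`, `--model x` or `--model=x`; defaults follow the advisory text (4.10 is "standard", later 4.x releases are "prefork"); any other version is reported as unknown rather than guessed. The command lines at the bottom are constructed samples, not real process listings; on a live host you would feed the output of something like `ps -o args= -C samba` (assumed procps syntax) into the same function.

```shell
# Added example, not from the advisory or Samba. Determine the effective
# samba process model and whether LDAP is exposed to CVE-2020-10704.

# samba_explicit_model ARGS...: print the model given on the command line.
# Assumed accepted forms: "-M x", "-Mx", "--model x", "--model=x".
# Returns 1 when no model flag is present.
samba_explicit_model() {
  while [ $# -gt 0 ]; do
    case "$1" in
      -M|--model)
        if [ $# -ge 2 ]; then printf '%s\n' "$2"; return 0; fi
        return 1 ;;
      -M?*)      printf '%s\n' "${1#-M}";       return 0 ;;
      --model=*) printf '%s\n' "${1#--model=}"; return 0 ;;
    esac
    shift
  done
  return 1
}

# samba_default_model VERSION: default model per the advisory text.
# 4.10 -> standard; later 4.x -> prefork; anything else -> unknown
# (the advisory says nothing about older releases, so we do not guess).
samba_default_model() {
  sdm_major=${1%%.*}
  sdm_rest=${1#*.}
  sdm_minor=${sdm_rest%%.*}
  if [ "$sdm_major" = 4 ] && [ "$sdm_minor" = 10 ]; then
    echo standard
  elif [ "$sdm_major" = 4 ] && [ "$sdm_minor" -gt 10 ] 2>/dev/null; then
    echo prefork
  else
    echo unknown
  fi
}

# samba_effective_model VERSION ARGS...: explicit flag wins, else the default.
samba_effective_model() {
  sem_ver=$1; shift
  samba_explicit_model "$@" || samba_default_model "$sem_ver"
}

# samba_ldap_exposed VERSION ARGS...:
#   yes     -> prefork or single: the LDAP server is affected
#   no      -> standard: only the CLDAP server remains affected
#   unknown -> model could not be determined from the inputs
samba_ldap_exposed() {
  case "$(samba_effective_model "$@")" in
    prefork|single) echo yes ;;
    standard)       echo no ;;
    *)              echo unknown ;;
  esac
}

# Constructed sample command lines (not real process listings).
# On a live host: samba_ldap_exposed "$version" $(ps -o args= -C samba)
for sample in \
  "4.10.14 samba --daemon" \
  "4.10.14 samba -M prefork" \
  "4.11.7 samba --daemon" \
  "4.11.7 samba --model=standard" \
  "4.12.1 samba -Msingle"; do
  # shellcheck disable=SC2086  # intentional word splitting of the sample
  printf '%-32s LDAP exposed: %s\n' "$sample" "$(samba_ldap_exposed $sample)"
done
```

The check only tells you whether the LDAP service is in scope; the advisory's own recommendation remains the fixed versions listed in "Fixed In Version", and even with `-M standard` the CLDAP server stays exposed, which is why the function answers "no" rather than "safe" for that model.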