Bug 1851298 (CVE-2020-14303)
| Summary: | CVE-2020-14303 samba: Empty UDP packet DoS in Samba AD DC nbtd | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | abokovoy, anoopcs, asn, gdeschner, hvyas, iboukris, jarrpa, jstephen, lmohanty, madam, puebele, rhs-smb, sbose, security-response-team, ssorce, vbellur |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | samba 4.10.17, samba 4.11.11, samba 4.12.4 | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in the AD DC NBT server in Samba. A samba user could send an empty UDP packet to cause the samba server to crash. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-07-02 09:38:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1853259 | | |
| Bug Blocks: | 1849490 | | |
Description
Huzaifa S. Sidhpurwala
2020-06-26 04:44:42 UTC
Acknowledgments: Name: the Samba project Upstream: Martin von Wittich (IServ GmbH), Wilko Meyer (IServ GmbH)

Mitigation: The NetBIOS over TCP/IP name resolution protocol is implemented as a UDP datagram on port 137. The AD DC client and server-side processing code for NBT name resolution will enter a tight loop if a UDP packet with 0 data length is received. The client for this case is only found in the AD DC side of the codebase, not that used by the member server or file server.

External References: https://www.samba.org/samba/security/CVE-2020-14303.html

Created samba tracking bugs for this issue: Affects: fedora-all [bug 1853259]

Statement: This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux and Red Hat Gluster Storage 3 because there is no support for samba as Active Directory Domain Controller.