As per upstream advisory: Samba has, since Samba 4.5, supported the VLV Active Directory LDAP feature, to allow clients to obtain 'virtual list views' of search results against a Samba AD DC using an LDAP control. The combination of this control, and the ASQ control combines to allow an authenticated user to trigger a NULL-pointer de-reference. It is also possible to trigger a use-after-free, both as the code is very similar to that addressed by CVE-2020-10700 and due to the way errors are handled in the dsdb_paged_results module since Samba 4.10.
Acknowledgments: Name: the Samba project Upstream: Andrew Bartlett
Statement: The version of samba shipped with Red Hat Gluster Storage 3 is built with a private copy of ldb which includes the vulnerable code. However, samba shipped with RHGS 3 is not supported for use as an AD DC and hence this issue has been rated as having a security impact of Low.
External References: https://www.samba.org/samba/security/CVE-2020-10730.html
Created libldb tracking bugs for this issue: Affects: fedora-all [bug 1853255]
Upstream patch: https://github.com/samba-team/samba/commit/d8b9bb274b7e7a390cf3bda9cd732cb2227bdbde
This issue has been addressed in the following products: Red Hat Gluster Storage 3.5 for RHEL 8 Via RHSA-2020:3119 https://access.redhat.com/errata/RHSA-2020:3119
This issue has been addressed in the following products: Red Hat Gluster Storage 3.5 for RHEL 7 Via RHSA-2020:3118 https://access.redhat.com/errata/RHSA-2020:3118
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10730
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4568 https://access.redhat.com/errata/RHSA-2020:4568