Use-After-Free Vulnerability in Samba AD DC LDAP Servers
CVE-2020-10700

5.3MEDIUM

Key Information:

Vendor
Red Hat
Status
Samba
Vendor
CVE Published:
4 May 2020

Summary

A use-after-free flaw exists in the handling of 'Paged Results' control when combined with the 'ASQ' control in Samba AD DC LDAP servers. This issue could allow a malicious user within a Samba Active Directory to exploit this vulnerability, potentially leading to a denial of service. It is crucial for users and administrators to ensure that their Samba installations are updated to versions 4.10.15, 4.11.8, or 4.12.2 or later to mitigate such risks.

Affected Version(s)

samba All versions before 4.10.15

samba All versions before 4.11.8

samba All versions before 4.12.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700
x_refsource_CONFIRM
https://www.samba.org/samba/security/CVE-2020-10700.html
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.