Denial of Service Vulnerability in Samba Active Directory Domain Controller
CVE-2020-10704

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Samba
Vendor: CVE Published:; 6 May 2020

🔔 Create Red Hat Vulnerability Alert

What is CVE-2020-10704?

A flaw in Samba's implementation as an Active Directory Domain Controller can enable unauthorized users to craft specific requests that trigger a stack overflow, resulting in a denial of service. This affects system availability significantly as it renders the LDAP server unresponsive. This vulnerability impacts all versions of Samba prior to 4.10.15, 4.11.8, and 4.12.2, making timely updates essential.

Affected Version(s)

samba All versions before 4.10.15

samba All versions before 4.11.8

samba All versions before 4.12.2

References

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2020
Vulnerability Reserved
Mar 20, 2020

CVE-2020-10704 Data

.