Denial of Service Vulnerability in Samba Active Directory Domain Controller
CVE-2020-10704
7.5HIGH
Summary
A flaw in Samba's implementation as an Active Directory Domain Controller can enable unauthorized users to craft specific requests that trigger a stack overflow, resulting in a denial of service. This affects system availability significantly as it renders the LDAP server unresponsive. This vulnerability impacts all versions of Samba prior to 4.10.15, 4.11.8, and 4.12.2, making timely updates essential.
Affected Version(s)
samba All versions before 4.10.15
samba All versions before 4.11.8
samba All versions before 4.12.2
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved