Severity Rating: Medium
Software Affected
· Samba 4.5.0 and later
Overview
Multiple vulnerabilities have been reported in samba which could allow a
remote attacker to cause denial of service conditions on a targeted system.
Description
1. NULL pointer dereference Vulnerability (CVE-2020-10730)
This vulnerability exists due to a NULL pointer dereference error in Samba
AD DC LDAP Server with ASQ, VLV and paged_results. A remote authenticated
user can pass specially crafted data to the application and perform a
denial of service (DoS) attack by triggering a NULL pointer dereference or
us-after-free error
Successful exploitation of this vulnerability could allow the allows a
remote user to perform a denial of service (DoS) attack.
2. Resource exhaustion Vulnerability (CVE-2020-10745)
This vulnerability exists due to application does not properly control
consumption of internal resources when processing NBT and DNS replies. A
remote attacker can send a name in the reply to a NBT or DNS request and
consume excessive CPU resources, resulting in denial of service conditions.
Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions on the targeted system.
3. Use-after-free Vulnerability (CVE-2020-10760)
This vulnerability exists due to a use-after-free error in Samba AD DC
Global Catalog with paged_results and VLV. A remote user can send a
specially crafted request to the LDAP server, trigger a use-after-free
error and perform a denial of service attack
Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions on the targeted system.
3. Input validation error Vulnerability (CVE-2020-14303)
This vulnerability exists due to insufficient validation of UDP packets
with 0 length data in Samba. A remote attacker can send a specially crafted
UDP packet to port 137/TCP and perform a denial of service (DoS) attack
Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions on the targeted system.
Solution
Update to the latest versions as available at the following URL
Vendor Information
Samba
References
Samba
CVE Name
CVE-2020-10730
CVE-2020-10745
CVE-2020-10760
CVE-2020-14303
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.