QwikSec

Security Database

CVE

CWE

Training

CVE-2020-10704

Published: May 6, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Vendor	Product	Versions
Red Hat	samba	affected `All versions before 4.10.15` affected `All versions before 4.11.8` affected `All versions before 4.12.2`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

FEDORA-2020-e244c98af5

vendor-advisory

FEDORA-2020-9cf0b1c8f1

vendor-advisory

openSUSE-SU-2020:1023

vendor-advisory

vendor-advisory

openSUSE-SU-2020:1313

vendor-advisory

[debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update

mailing-list

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10704

https://www.samba.org/samba/security/CVE-2020-10704.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.