openEuler 20.03 LTS update for samba
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2020-14303 CVE-2020-10730 CVE-2020-10760 CVE-2020-10745 |
| CWE-ID | CWE-20 CWE-476 CWE-416 CWE-400 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
openEuler Operating systems & Components / Operating system samba-winbind-modules Operating systems & Components / Operating system package or component samba-winbind-krb5-locator Operating systems & Components / Operating system package or component samba-winbind-clients Operating systems & Components / Operating system package or component samba-winbind Operating systems & Components / Operating system package or component samba-test Operating systems & Components / Operating system package or component samba-pidl Operating systems & Components / Operating system package or component samba-libs Operating systems & Components / Operating system package or component samba-krb5-printing Operating systems & Components / Operating system package or component samba-help Operating systems & Components / Operating system package or component samba-devel Operating systems & Components / Operating system package or component samba-debugsource Operating systems & Components / Operating system package or component samba-debuginfo Operating systems & Components / Operating system package or component samba-dc-provision Operating systems & Components / Operating system package or component samba-dc-bind-dlz Operating systems & Components / Operating system package or component samba-dc Operating systems & Components / Operating system package or component samba-common-tools Operating systems & Components / Operating system package or component samba-common Operating systems & Components / Operating system package or component samba-client Operating systems & Components / Operating system package or component python3-samba-test Operating systems & Components / Operating system package or component python3-samba-dc Operating systems & Components / Operating system package or component python3-samba Operating systems & Components / Operating system package or component libwbclient-devel Operating systems & Components / Operating system package or component libwbclient Operating systems & Components / Operating system package or component libsmbclient-devel Operating systems & Components / Operating system package or component libsmbclient Operating systems & Components / Operating system package or component ctdb-tests Operating systems & Components / Operating system package or component ctdb Operating systems & Components / Operating system package or component samba Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU29486
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2020-14303
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of UDp packets with 0 length data in Samba. A remote attacker can send a specially crafted UDP packet to port 137/TCP and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS
samba-winbind-modules: before 4.11.6-8
samba-winbind-krb5-locator: before 4.11.6-8
samba-winbind-clients: before 4.11.6-8
samba-winbind: before 4.11.6-8
samba-test: before 4.11.6-8
samba-pidl: before 4.11.6-8
samba-libs: before 4.11.6-8
samba-krb5-printing: before 4.11.6-8
samba-help: before 4.11.6-8
samba-devel: before 4.11.6-8
samba-debugsource: before 4.11.6-8
samba-debuginfo: before 4.11.6-8
samba-dc-provision: before 4.11.6-8
samba-dc-bind-dlz: before 4.11.6-8
samba-dc: before 4.11.6-8
samba-common-tools: before 4.11.6-8
samba-common: before 4.11.6-8
samba-client: before 4.11.6-8
python3-samba-test: before 4.11.6-8
python3-samba-dc: before 4.11.6-8
python3-samba: before 4.11.6-8
libwbclient-devel: before 4.11.6-8
libwbclient: before 4.11.6-8
libsmbclient-devel: before 4.11.6-8
libsmbclient: before 4.11.6-8
ctdb-tests: before 4.11.6-8
ctdb: before 4.11.6-8
samba: before 4.11.6-8
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:samba-winbind-modules:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind-krb5-locator:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind-clients:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-pidl:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-krb5-printing:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc-provision:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc-bind-dlz:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-common-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-client:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba-dc:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libwbclient-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libwbclient:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libsmbclient-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libsmbclient:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ctdb-tests:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ctdb:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) NULL pointer dereference
EUVDB-ID: #VU29483
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2020-10730
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Samba AD DC LDAP Server with ASQ, VLV and paged_results. A remote authenticated user can pass specially crafted data to the application and perform a denial of service (DoS) attack by triggering a NULL pointer dereference or us-after-free error.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS
samba-winbind-modules: before 4.11.6-8
samba-winbind-krb5-locator: before 4.11.6-8
samba-winbind-clients: before 4.11.6-8
samba-winbind: before 4.11.6-8
samba-test: before 4.11.6-8
samba-pidl: before 4.11.6-8
samba-libs: before 4.11.6-8
samba-krb5-printing: before 4.11.6-8
samba-help: before 4.11.6-8
samba-devel: before 4.11.6-8
samba-debugsource: before 4.11.6-8
samba-debuginfo: before 4.11.6-8
samba-dc-provision: before 4.11.6-8
samba-dc-bind-dlz: before 4.11.6-8
samba-dc: before 4.11.6-8
samba-common-tools: before 4.11.6-8
samba-common: before 4.11.6-8
samba-client: before 4.11.6-8
python3-samba-test: before 4.11.6-8
python3-samba-dc: before 4.11.6-8
python3-samba: before 4.11.6-8
libwbclient-devel: before 4.11.6-8
libwbclient: before 4.11.6-8
libsmbclient-devel: before 4.11.6-8
libsmbclient: before 4.11.6-8
ctdb-tests: before 4.11.6-8
ctdb: before 4.11.6-8
samba: before 4.11.6-8
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:samba-winbind-modules:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind-krb5-locator:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind-clients:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-pidl:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-krb5-printing:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc-provision:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc-bind-dlz:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-common-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-client:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba-dc:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libwbclient-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libwbclient:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libsmbclient-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libsmbclient:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ctdb-tests:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ctdb:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Use-after-free
EUVDB-ID: #VU29485
Risk: Medium
CVSSv4.0: 7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:P/U:Green]
CVE-ID: CVE-2020-10760
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in Samba AD DC Global Catalog with paged_results and VLV. A remote user can send a specially crafted request to the LDAP server, trigger a use-after-free error and perform a denial of service attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS
samba-winbind-modules: before 4.11.6-8
samba-winbind-krb5-locator: before 4.11.6-8
samba-winbind-clients: before 4.11.6-8
samba-winbind: before 4.11.6-8
samba-test: before 4.11.6-8
samba-pidl: before 4.11.6-8
samba-libs: before 4.11.6-8
samba-krb5-printing: before 4.11.6-8
samba-help: before 4.11.6-8
samba-devel: before 4.11.6-8
samba-debugsource: before 4.11.6-8
samba-debuginfo: before 4.11.6-8
samba-dc-provision: before 4.11.6-8
samba-dc-bind-dlz: before 4.11.6-8
samba-dc: before 4.11.6-8
samba-common-tools: before 4.11.6-8
samba-common: before 4.11.6-8
samba-client: before 4.11.6-8
python3-samba-test: before 4.11.6-8
python3-samba-dc: before 4.11.6-8
python3-samba: before 4.11.6-8
libwbclient-devel: before 4.11.6-8
libwbclient: before 4.11.6-8
libsmbclient-devel: before 4.11.6-8
libsmbclient: before 4.11.6-8
ctdb-tests: before 4.11.6-8
ctdb: before 4.11.6-8
samba: before 4.11.6-8
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:samba-winbind-modules:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind-krb5-locator:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind-clients:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-pidl:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-krb5-printing:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc-provision:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc-bind-dlz:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-common-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-client:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba-dc:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libwbclient-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libwbclient:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libsmbclient-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libsmbclient:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ctdb-tests:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ctdb:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Resource exhaustion
EUVDB-ID: #VU29484
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2020-10745
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing NBT and DNS replies. A remote attacker can send a name in the reply to a NBT or DNS request and consume excessive CPU resources, resulting in denial of service conditions.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS
samba-winbind-modules: before 4.11.6-8
samba-winbind-krb5-locator: before 4.11.6-8
samba-winbind-clients: before 4.11.6-8
samba-winbind: before 4.11.6-8
samba-test: before 4.11.6-8
samba-pidl: before 4.11.6-8
samba-libs: before 4.11.6-8
samba-krb5-printing: before 4.11.6-8
samba-help: before 4.11.6-8
samba-devel: before 4.11.6-8
samba-debugsource: before 4.11.6-8
samba-debuginfo: before 4.11.6-8
samba-dc-provision: before 4.11.6-8
samba-dc-bind-dlz: before 4.11.6-8
samba-dc: before 4.11.6-8
samba-common-tools: before 4.11.6-8
samba-common: before 4.11.6-8
samba-client: before 4.11.6-8
python3-samba-test: before 4.11.6-8
python3-samba-dc: before 4.11.6-8
python3-samba: before 4.11.6-8
libwbclient-devel: before 4.11.6-8
libwbclient: before 4.11.6-8
libsmbclient-devel: before 4.11.6-8
libsmbclient: before 4.11.6-8
ctdb-tests: before 4.11.6-8
ctdb: before 4.11.6-8
samba: before 4.11.6-8
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:samba-winbind-modules:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind-krb5-locator:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind-clients:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-winbind:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-pidl:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-krb5-printing:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc-provision:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc-bind-dlz:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-dc:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-common-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba-client:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba-dc:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-samba:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libwbclient-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libwbclient:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libsmbclient-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libsmbclient:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ctdb-tests:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ctdb:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:samba:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
