openEuler 20.03 LTS update for samba

1) Memory corruption

EUVDB-ID: #VU47993

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-14383

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing DNS records. A remote user

 with ability to create MX or NS records with absent properties can trigger the RPC service to dereference uninitialized memory and will result in denial of service attack against the RPC service.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS

samba-vfs-glusterfs: before 4.11.12-3

samba-help: before 4.11.12-3

samba-winbind-clients: before 4.11.12-3

samba-dc-bind-dlz: before 4.11.12-3

samba-winbind: before 4.11.12-3

samba-devel: before 4.11.12-3

samba-common: before 4.11.12-3

samba-client: before 4.11.12-3

samba-dc-provision: before 4.11.12-3

libsmbclient: before 4.11.12-3

libwbclient-devel: before 4.11.12-3

samba-winbind-modules: before 4.11.12-3

samba-common-tools: before 4.11.12-3

ctdb-tests: before 4.11.12-3

samba-debugsource: before 4.11.12-3

samba-pidl: before 4.11.12-3

python3-samba: before 4.11.12-3

samba-test: before 4.11.12-3

samba-debuginfo: before 4.11.12-3

samba-krb5-printing: before 4.11.12-3

ctdb: before 4.11.12-3

samba-libs: before 4.11.12-3

samba-dc: before 4.11.12-3

libwbclient: before 4.11.12-3

libsmbclient-devel: before 4.11.12-3

python3-samba-test: before 4.11.12-3

samba-winbind-krb5-locator: before 4.11.12-3

python3-samba-dc: before 4.11.12-3

samba: before 4.11.12-3

CPE2.3

• cpe:2.3:o:openeuler:openeuler:20.03:LTS:*:*:*:*:*:*
• cpe:2.3:a:openeuler:samba-vfs-glusterfs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-help:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-clients:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc-bind-dlz:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-common:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-client:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc-provision:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libsmbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libwbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-modules:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-common-tools:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ctdb-tests:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-pidl:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-krb5-printing:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ctdb:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-libs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libwbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libsmbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-krb5-locator:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba:*:*:*:*:*:openeuler:*:*

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1121

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU47991

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-14323

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing requests in winbind in Samba. A remote user can send specially crafted request to winbind daemon, trigger a NULL pointer dereference error and crash it.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS

samba-vfs-glusterfs: before 4.11.12-3

samba-help: before 4.11.12-3

samba-winbind-clients: before 4.11.12-3

samba-dc-bind-dlz: before 4.11.12-3

samba-winbind: before 4.11.12-3

samba-devel: before 4.11.12-3

samba-common: before 4.11.12-3

samba-client: before 4.11.12-3

samba-dc-provision: before 4.11.12-3

libsmbclient: before 4.11.12-3

libwbclient-devel: before 4.11.12-3

samba-winbind-modules: before 4.11.12-3

samba-common-tools: before 4.11.12-3

ctdb-tests: before 4.11.12-3

samba-debugsource: before 4.11.12-3

samba-pidl: before 4.11.12-3

python3-samba: before 4.11.12-3

samba-test: before 4.11.12-3

samba-debuginfo: before 4.11.12-3

samba-krb5-printing: before 4.11.12-3

ctdb: before 4.11.12-3

samba-libs: before 4.11.12-3

samba-dc: before 4.11.12-3

libwbclient: before 4.11.12-3

libsmbclient-devel: before 4.11.12-3

python3-samba-test: before 4.11.12-3

samba-winbind-krb5-locator: before 4.11.12-3

python3-samba-dc: before 4.11.12-3

samba: before 4.11.12-3

CPE2.3

• cpe:2.3:o:openeuler:openeuler:20.03:LTS:*:*:*:*:*:*
• cpe:2.3:a:openeuler:samba-vfs-glusterfs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-help:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-clients:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc-bind-dlz:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-common:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-client:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc-provision:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libsmbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libwbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-modules:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-common-tools:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ctdb-tests:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-pidl:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-krb5-printing:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ctdb:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-libs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libwbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libsmbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-krb5-locator:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba:*:*:*:*:*:openeuler:*:*

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1121

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU47990

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-14318

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the way "ChangeNotify" concept for SMB1/2/3 protocols was implemented in Samba. A missing permissions check on a directory handle requesting ChangeNotify means that a client with a directory handle open only for FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change notify replies from the server. These replies contain information that should not be available to directory handles open for FILE_READ_ATTRIBUTE only. A local unprivileged user can abuse this lack of permissions check to obtain information about file changes.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS

samba-vfs-glusterfs: before 4.11.12-3

samba-help: before 4.11.12-3

samba-winbind-clients: before 4.11.12-3

samba-dc-bind-dlz: before 4.11.12-3

samba-winbind: before 4.11.12-3

samba-devel: before 4.11.12-3

samba-common: before 4.11.12-3

samba-client: before 4.11.12-3

samba-dc-provision: before 4.11.12-3

libsmbclient: before 4.11.12-3

libwbclient-devel: before 4.11.12-3

samba-winbind-modules: before 4.11.12-3

samba-common-tools: before 4.11.12-3

ctdb-tests: before 4.11.12-3

samba-debugsource: before 4.11.12-3

samba-pidl: before 4.11.12-3

python3-samba: before 4.11.12-3

samba-test: before 4.11.12-3

samba-debuginfo: before 4.11.12-3

samba-krb5-printing: before 4.11.12-3

ctdb: before 4.11.12-3

samba-libs: before 4.11.12-3

samba-dc: before 4.11.12-3

libwbclient: before 4.11.12-3

libsmbclient-devel: before 4.11.12-3

python3-samba-test: before 4.11.12-3

samba-winbind-krb5-locator: before 4.11.12-3

python3-samba-dc: before 4.11.12-3

samba: before 4.11.12-3

CPE2.3

• cpe:2.3:o:openeuler:openeuler:20.03:LTS:*:*:*:*:*:*
• cpe:2.3:a:openeuler:samba-vfs-glusterfs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-help:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-clients:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc-bind-dlz:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-common:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-client:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc-provision:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libsmbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libwbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-modules:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-common-tools:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ctdb-tests:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-pidl:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-krb5-printing:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ctdb:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-libs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libwbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libsmbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-krb5-locator:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba:*:*:*:*:*:openeuler:*:*

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1121

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.