SUSE update for samba

Published: 2022-02-01

Risk	High
Patch available	YES
Number of vulnerabilities	8
CVE-ID	CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-36222 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336
CWE-ID	CWE-122 CWE-125 CWE-362 CWE-476 CWE-59 CWE-787 CWE-345
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #7 is available.
Vulnerable software	SUSE Linux Enterprise Module for Python2 Operating systems & Components / Operating system SUSE Linux Enterprise High Availability Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise Module for Basesystem Operating systems & Components / Operating system SUSE Linux Enterprise Module for Server Applications Operating systems & Components / Operating system ctdb-debuginfo Operating systems & Components / Operating system package or component ctdb Operating systems & Components / Operating system package or component apparmor-utils-lang Operating systems & Components / Operating system package or component apparmor-utils Operating systems & Components / Operating system package or component apparmor-profiles Operating systems & Components / Operating system package or component apparmor-parser-lang Operating systems & Components / Operating system package or component apparmor-docs Operating systems & Components / Operating system package or component apparmor-abstractions Operating systems & Components / Operating system package or component samba-winbind-libs-32bit-debuginfo Operating systems & Components / Operating system package or component samba-winbind-libs-32bit Operating systems & Components / Operating system package or component samba-libs-32bit-debuginfo Operating systems & Components / Operating system package or component samba-libs-32bit Operating systems & Components / Operating system package or component samba-devel-32bit Operating systems & Components / Operating system package or component samba-client-libs-32bit-debuginfo Operating systems & Components / Operating system package or component samba-client-libs-32bit Operating systems & Components / Operating system package or component samba-client-32bit-debuginfo Operating systems & Components / Operating system package or component samba-client-32bit Operating systems & Components / Operating system package or component samba-ad-dc-libs-32bit-debuginfo Operating systems & Components / Operating system package or component samba-ad-dc-libs-32bit Operating systems & Components / Operating system package or component pam_apparmor-32bit-debuginfo Operating systems & Components / Operating system package or component pam_apparmor-32bit Operating systems & Components / Operating system package or component libtevent0-32bit-debuginfo Operating systems & Components / Operating system package or component libtevent0-32bit Operating systems & Components / Operating system package or component libtdb1-32bit-debuginfo Operating systems & Components / Operating system package or component libtdb1-32bit Operating systems & Components / Operating system package or component libtalloc2-32bit-debuginfo Operating systems & Components / Operating system package or component libtalloc2-32bit Operating systems & Components / Operating system package or component libldb2-32bit-debuginfo Operating systems & Components / Operating system package or component libldb2-32bit Operating systems & Components / Operating system package or component libapparmor1-32bit-debuginfo Operating systems & Components / Operating system package or component libapparmor1-32bit Operating systems & Components / Operating system package or component krb5-32bit-debuginfo Operating systems & Components / Operating system package or component krb5-32bit Operating systems & Components / Operating system package or component samba-ceph-debuginfo Operating systems & Components / Operating system package or component samba-ceph Operating systems & Components / Operating system package or component tevent-man Operating systems & Components / Operating system package or component tevent-debugsource Operating systems & Components / Operating system package or component tdb-tools-debuginfo Operating systems & Components / Operating system package or component tdb-tools Operating systems & Components / Operating system package or component tdb-debugsource Operating systems & Components / Operating system package or component talloc-man Operating systems & Components / Operating system package or component talloc-debugsource Operating systems & Components / Operating system package or component sssd-winbind-idmap-debuginfo Operating systems & Components / Operating system package or component sssd-winbind-idmap Operating systems & Components / Operating system package or component sssd-tools-debuginfo Operating systems & Components / Operating system package or component sssd-tools Operating systems & Components / Operating system package or component sssd-proxy-debuginfo Operating systems & Components / Operating system package or component sssd-proxy Operating systems & Components / Operating system package or component sssd-ldap-debuginfo Operating systems & Components / Operating system package or component sssd-ldap Operating systems & Components / Operating system package or component sssd-krb5-debuginfo Operating systems & Components / Operating system package or component sssd-krb5-common-debuginfo Operating systems & Components / Operating system package or component sssd-krb5-common Operating systems & Components / Operating system package or component sssd-krb5 Operating systems & Components / Operating system package or component sssd-ipa-debuginfo Operating systems & Components / Operating system package or component sssd-ipa Operating systems & Components / Operating system package or component sssd-debugsource Operating systems & Components / Operating system package or component sssd-dbus-debuginfo Operating systems & Components / Operating system package or component sssd-dbus Operating systems & Components / Operating system package or component sssd-common-debuginfo Operating systems & Components / Operating system package or component sssd-common Operating systems & Components / Operating system package or component sssd-ad-debuginfo Operating systems & Components / Operating system package or component sssd-ad Operating systems & Components / Operating system package or component sssd Operating systems & Components / Operating system package or component samba-winbind-libs-debuginfo Operating systems & Components / Operating system package or component samba-winbind-libs Operating systems & Components / Operating system package or component samba-winbind-debuginfo Operating systems & Components / Operating system package or component samba-winbind Operating systems & Components / Operating system package or component samba-tool Operating systems & Components / Operating system package or component samba-python3-debuginfo Operating systems & Components / Operating system package or component samba-python3 Operating systems & Components / Operating system package or component samba-libs-python3-debuginfo Operating systems & Components / Operating system package or component samba-libs-python3 Operating systems & Components / Operating system package or component samba-libs-debuginfo Operating systems & Components / Operating system package or component samba-libs Operating systems & Components / Operating system package or component samba-ldb-ldap-debuginfo Operating systems & Components / Operating system package or component samba-ldb-ldap Operating systems & Components / Operating system package or component samba-gpupdate Operating systems & Components / Operating system package or component samba-dsdb-modules-debuginfo Operating systems & Components / Operating system package or component samba-dsdb-modules Operating systems & Components / Operating system package or component samba-devel Operating systems & Components / Operating system package or component samba-client-libs-debuginfo Operating systems & Components / Operating system package or component samba-client-libs Operating systems & Components / Operating system package or component samba-client-debuginfo Operating systems & Components / Operating system package or component samba-client Operating systems & Components / Operating system package or component samba-ad-dc-libs-debuginfo Operating systems & Components / Operating system package or component samba-ad-dc-libs Operating systems & Components / Operating system package or component samba Operating systems & Components / Operating system package or component python3-tevent-debuginfo Operating systems & Components / Operating system package or component python3-tevent Operating systems & Components / Operating system package or component python3-tdb-debuginfo Operating systems & Components / Operating system package or component python3-tdb Operating systems & Components / Operating system package or component python3-talloc-devel Operating systems & Components / Operating system package or component python3-talloc-debuginfo Operating systems & Components / Operating system package or component python3-talloc Operating systems & Components / Operating system package or component python3-sssd-config-debuginfo Operating systems & Components / Operating system package or component python3-sssd-config Operating systems & Components / Operating system package or component python3-ldb-devel Operating systems & Components / Operating system package or component python3-ldb-debuginfo Operating systems & Components / Operating system package or component python3-ldb Operating systems & Components / Operating system package or component python3-apparmor-debuginfo Operating systems & Components / Operating system package or component python3-apparmor Operating systems & Components / Operating system package or component perl-apparmor-debuginfo Operating systems & Components / Operating system package or component perl-apparmor Operating systems & Components / Operating system package or component pam_apparmor-debuginfo Operating systems & Components / Operating system package or component pam_apparmor Operating systems & Components / Operating system package or component libtevent0-debuginfo Operating systems & Components / Operating system package or component libtevent0 Operating systems & Components / Operating system package or component libtevent-devel Operating systems & Components / Operating system package or component libtdb1-debuginfo Operating systems & Components / Operating system package or component libtdb1 Operating systems & Components / Operating system package or component libtdb-devel Operating systems & Components / Operating system package or component libtalloc2-debuginfo Operating systems & Components / Operating system package or component libtalloc2 Operating systems & Components / Operating system package or component libtalloc-devel Operating systems & Components / Operating system package or component libsss_simpleifp0-debuginfo Operating systems & Components / Operating system package or component libsss_simpleifp0 Operating systems & Components / Operating system package or component libsss_simpleifp-devel Operating systems & Components / Operating system package or component libsss_nss_idmap0-debuginfo Operating systems & Components / Operating system package or component libsss_nss_idmap0 Operating systems & Components / Operating system package or component libsss_nss_idmap-devel Operating systems & Components / Operating system package or component libsss_idmap0-debuginfo Operating systems & Components / Operating system package or component libsss_idmap0 Operating systems & Components / Operating system package or component libsss_idmap-devel Operating systems & Components / Operating system package or component libsss_certmap0-debuginfo Operating systems & Components / Operating system package or component libsss_certmap0 Operating systems & Components / Operating system package or component libsss_certmap-devel Operating systems & Components / Operating system package or component libsamba-policy0-python3-debuginfo Operating systems & Components / Operating system package or component libsamba-policy0-python3 Operating systems & Components / Operating system package or component libsamba-policy-python3-devel Operating systems & Components / Operating system package or component libsamba-policy-devel Operating systems & Components / Operating system package or component libldb2-debuginfo Operating systems & Components / Operating system package or component libldb2 Operating systems & Components / Operating system package or component libldb-devel Operating systems & Components / Operating system package or component libipa_hbac0-debuginfo Operating systems & Components / Operating system package or component libipa_hbac0 Operating systems & Components / Operating system package or component libipa_hbac-devel Operating systems & Components / Operating system package or component libapparmor1-debuginfo Operating systems & Components / Operating system package or component libapparmor1 Operating systems & Components / Operating system package or component libapparmor-devel Operating systems & Components / Operating system package or component libapparmor-debugsource Operating systems & Components / Operating system package or component ldb-tools-debuginfo Operating systems & Components / Operating system package or component ldb-tools Operating systems & Components / Operating system package or component ldb-debugsource Operating systems & Components / Operating system package or component krb5-plugin-preauth-spake-debuginfo Operating systems & Components / Operating system package or component krb5-plugin-preauth-spake Operating systems & Components / Operating system package or component krb5-plugin-preauth-pkinit-debuginfo Operating systems & Components / Operating system package or component krb5-plugin-preauth-pkinit Operating systems & Components / Operating system package or component krb5-plugin-preauth-otp-debuginfo Operating systems & Components / Operating system package or component krb5-plugin-preauth-otp Operating systems & Components / Operating system package or component krb5-devel Operating systems & Components / Operating system package or component krb5-client-debuginfo Operating systems & Components / Operating system package or component krb5-client Operating systems & Components / Operating system package or component krb5 Operating systems & Components / Operating system package or component apparmor-parser-debuginfo Operating systems & Components / Operating system package or component apparmor-parser Operating systems & Components / Operating system package or component samba-debugsource Operating systems & Components / Operating system package or component samba-debuginfo Operating systems & Components / Operating system package or component samba-ad-dc-debuginfo Operating systems & Components / Operating system package or component samba-ad-dc Operating systems & Components / Operating system package or component krb5-server-debuginfo Operating systems & Components / Operating system package or component krb5-server Operating systems & Components / Operating system package or component krb5-plugin-kdb-ldap-debuginfo Operating systems & Components / Operating system package or component krb5-plugin-kdb-ldap Operating systems & Components / Operating system package or component krb5-debugsource Operating systems & Components / Operating system package or component krb5-debuginfo Operating systems & Components / Operating system package or component apparmor-debugsource Operating systems & Components / Operating system package or component apache2-mod_apparmor-debuginfo Operating systems & Components / Operating system package or component apache2-mod_apparmor Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU51702

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-27840

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing DNs inside bind requests. A remote attacker can send specially crafted LDAP request to Samba AD DC LDAP server, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package samba to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Python2: 15-SP3

SUSE Linux Enterprise High Availability: 15-SP3

SUSE Linux Enterprise Micro: 5.1

SUSE Linux Enterprise Module for Basesystem: 15-SP3

SUSE Linux Enterprise Module for Server Applications: 15-SP3

ctdb-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

ctdb: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

apparmor-utils-lang: before 2.13.6-150300.3.11.2

apparmor-utils: before 2.13.6-150300.3.11.2

apparmor-profiles: before 2.13.6-150300.3.11.2

apparmor-parser-lang: before 2.13.6-150300.3.11.2

apparmor-docs: before 2.13.6-150300.3.11.2

apparmor-abstractions: before 2.13.6-150300.3.11.2

samba-winbind-libs-32bit-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-winbind-libs-32bit: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-libs-32bit-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-libs-32bit: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-devel-32bit: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-client-libs-32bit-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-client-libs-32bit: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-client-32bit-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-client-32bit: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-ad-dc-libs-32bit-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-ad-dc-libs-32bit: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

pam_apparmor-32bit-debuginfo: before 2.13.6-150300.3.11.2

pam_apparmor-32bit: before 2.13.6-150300.3.11.2

libtevent0-32bit-debuginfo: before 0.11.0-150300.3.3.2

libtevent0-32bit: before 0.11.0-150300.3.3.2

libtdb1-32bit-debuginfo: before 1.4.4-150300.3.3.2

libtdb1-32bit: before 1.4.4-150300.3.3.2

libtalloc2-32bit-debuginfo: before 2.3.3-150300.3.3.2

libtalloc2-32bit: before 2.3.3-150300.3.3.2

libldb2-32bit-debuginfo: before 2.4.1-150300.3.10.1

libldb2-32bit: before 2.4.1-150300.3.10.1

libapparmor1-32bit-debuginfo: before 2.13.6-150300.3.11.1

libapparmor1-32bit: before 2.13.6-150300.3.11.1

krb5-32bit-debuginfo: before 1.19.2-150300.8.3.2

krb5-32bit: before 1.19.2-150300.8.3.2

samba-ceph-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-ceph: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

tevent-man: before 0.11.0-150300.3.3.1

tevent-debugsource: before 0.11.0-150300.3.3.2

tdb-tools-debuginfo: before 1.4.4-150300.3.3.2

tdb-tools: before 1.4.4-150300.3.3.2

tdb-debugsource: before 1.4.4-150300.3.3.2

talloc-man: before 2.3.3-150300.3.3.1

talloc-debugsource: before 2.3.3-150300.3.3.2

sssd-winbind-idmap-debuginfo: before 1.16.1-150300.23.17.3

sssd-winbind-idmap: before 1.16.1-150300.23.17.3

sssd-tools-debuginfo: before 1.16.1-150300.23.17.3

sssd-tools: before 1.16.1-150300.23.17.3

sssd-proxy-debuginfo: before 1.16.1-150300.23.17.3

sssd-proxy: before 1.16.1-150300.23.17.3

sssd-ldap-debuginfo: before 1.16.1-150300.23.17.3

sssd-ldap: before 1.16.1-150300.23.17.3

sssd-krb5-debuginfo: before 1.16.1-150300.23.17.3

sssd-krb5-common-debuginfo: before 1.16.1-150300.23.17.3

sssd-krb5-common: before 1.16.1-150300.23.17.3

sssd-krb5: before 1.16.1-150300.23.17.3

sssd-ipa-debuginfo: before 1.16.1-150300.23.17.3

sssd-ipa: before 1.16.1-150300.23.17.3

sssd-debugsource: before 1.16.1-150300.23.17.3

sssd-dbus-debuginfo: before 1.16.1-150300.23.17.3

sssd-dbus: before 1.16.1-150300.23.17.3

sssd-common-debuginfo: before 1.16.1-150300.23.17.3

sssd-common: before 1.16.1-150300.23.17.3

sssd-ad-debuginfo: before 1.16.1-150300.23.17.3

sssd-ad: before 1.16.1-150300.23.17.3

sssd: before 1.16.1-150300.23.17.3

samba-winbind-libs-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-winbind-libs: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-winbind-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-winbind: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-tool: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-python3-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-python3: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-libs-python3-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-libs-python3: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-libs-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-libs: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-ldb-ldap-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-ldb-ldap: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-gpupdate: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-dsdb-modules-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-dsdb-modules: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-devel: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-client-libs-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-client-libs: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-client-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-client: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-ad-dc-libs-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-ad-dc-libs: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

python3-tevent-debuginfo: before 0.11.0-150300.3.3.2

python3-tevent: before 0.11.0-150300.3.3.2

python3-tdb-debuginfo: before 1.4.4-150300.3.3.2

python3-tdb: before 1.4.4-150300.3.3.2

python3-talloc-devel: before 2.3.3-150300.3.3.2

python3-talloc-debuginfo: before 2.3.3-150300.3.3.2

python3-talloc: before 2.3.3-150300.3.3.2

python3-sssd-config-debuginfo: before 1.16.1-150300.23.17.3

python3-sssd-config: before 1.16.1-150300.23.17.3

python3-ldb-devel: before 2.4.1-150300.3.10.1

python3-ldb-debuginfo: before 2.4.1-150300.3.10.1

python3-ldb: before 2.4.1-150300.3.10.1

python3-apparmor-debuginfo: before 2.13.6-150300.3.11.2

python3-apparmor: before 2.13.6-150300.3.11.2

perl-apparmor-debuginfo: before 2.13.6-150300.3.11.2

perl-apparmor: before 2.13.6-150300.3.11.2

pam_apparmor-debuginfo: before 2.13.6-150300.3.11.2

pam_apparmor: before 2.13.6-150300.3.11.2

libtevent0-debuginfo: before 0.11.0-150300.3.3.2

libtevent0: before 0.11.0-150300.3.3.2

libtevent-devel: before 0.11.0-150300.3.3.2

libtdb1-debuginfo: before 1.4.4-150300.3.3.2

libtdb1: before 1.4.4-150300.3.3.2

libtdb-devel: before 1.4.4-150300.3.3.2

libtalloc2-debuginfo: before 2.3.3-150300.3.3.2

libtalloc2: before 2.3.3-150300.3.3.2

libtalloc-devel: before 2.3.3-150300.3.3.2

libsss_simpleifp0-debuginfo: before 1.16.1-150300.23.17.3

libsss_simpleifp0: before 1.16.1-150300.23.17.3

libsss_simpleifp-devel: before 1.16.1-150300.23.17.3

libsss_nss_idmap0-debuginfo: before 1.16.1-150300.23.17.3

libsss_nss_idmap0: before 1.16.1-150300.23.17.3

libsss_nss_idmap-devel: before 1.16.1-150300.23.17.3

libsss_idmap0-debuginfo: before 1.16.1-150300.23.17.3

libsss_idmap0: before 1.16.1-150300.23.17.3

libsss_idmap-devel: before 1.16.1-150300.23.17.3

libsss_certmap0-debuginfo: before 1.16.1-150300.23.17.3

libsss_certmap0: before 1.16.1-150300.23.17.3

libsss_certmap-devel: before 1.16.1-150300.23.17.3

libsamba-policy0-python3-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

libsamba-policy0-python3: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

libsamba-policy-python3-devel: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

libsamba-policy-devel: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

libldb2-debuginfo: before 2.4.1-150300.3.10.1

libldb2: before 2.4.1-150300.3.10.1

libldb-devel: before 2.4.1-150300.3.10.1

libipa_hbac0-debuginfo: before 1.16.1-150300.23.17.3

libipa_hbac0: before 1.16.1-150300.23.17.3

libipa_hbac-devel: before 1.16.1-150300.23.17.3

libapparmor1-debuginfo: before 2.13.6-150300.3.11.1

libapparmor1: before 2.13.6-150300.3.11.1

libapparmor-devel: before 2.13.6-150300.3.11.1

libapparmor-debugsource: before 2.13.6-150300.3.11.1

ldb-tools-debuginfo: before 2.4.1-150300.3.10.1

ldb-tools: before 2.4.1-150300.3.10.1

ldb-debugsource: before 2.4.1-150300.3.10.1

krb5-plugin-preauth-spake-debuginfo: before 1.19.2-150300.8.3.2

krb5-plugin-preauth-spake: before 1.19.2-150300.8.3.2

krb5-plugin-preauth-pkinit-debuginfo: before 1.19.2-150300.8.3.2

krb5-plugin-preauth-pkinit: before 1.19.2-150300.8.3.2

krb5-plugin-preauth-otp-debuginfo: before 1.19.2-150300.8.3.2

krb5-plugin-preauth-otp: before 1.19.2-150300.8.3.2

krb5-devel: before 1.19.2-150300.8.3.2

krb5-client-debuginfo: before 1.19.2-150300.8.3.2

krb5-client: before 1.19.2-150300.8.3.2

krb5: before 1.19.2-150300.8.3.2

apparmor-parser-debuginfo: before 2.13.6-150300.3.11.2

apparmor-parser: before 2.13.6-150300.3.11.2

samba-debugsource: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-ad-dc-debuginfo: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

samba-ad-dc: before 4.15.4+git.324.8332acf1a63-150300.3.25.3

krb5-server-debuginfo: before 1.19.2-150300.8.3.2

krb5-server: before 1.19.2-150300.8.3.2

krb5-plugin-kdb-ldap-debuginfo: before 1.19.2-150300.8.3.2

krb5-plugin-kdb-ldap: before 1.19.2-150300.8.3.2

krb5-debugsource: before 1.19.2-150300.8.3.2

krb5-debuginfo: before 1.19.2-150300.8.3.2

apparmor-debugsource: before 2.13.6-150300.3.11.2

apache2-mod_apparmor-debuginfo: before 2.13.6-150300.3.11.2

apache2-mod_apparmor: before 2.13.6-150300.3.11.2

CPE2.3

External links

https://www.suse.com/support/update/announcement/2022/suse-su-20220283-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU51701

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-20277

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in ldb_handler_fold() function when processing multiple consecutive leading spaces within LDAP query. A remote user can send a specially crafted LDAP query, trigger out-of-bounds read error and crash the LDAP server.