Описание
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
A NULL pointer dereference, or possible use-after-free flaw was found in the Samba AD LDAP server. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Отчет
The version of samba shipped with Red Hat Gluster Storage 3 is built with a private copy of ldb which includes the vulnerable code. However, samba shipped with RHGS 3 is not supported for use as an AD DC and hence this issue has been rated as having a security impact of Low.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libldb | Out of support scope | ||
| Red Hat Enterprise Linux 6 | libldb | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libldb | Will not fix | ||
| Red Hat Enterprise Linux 8 | libldb | Fixed | RHSA-2020:4568 | 04.11.2020 |
| Red Hat Gluster Storage 3.5 for RHEL 7 | samba | Fixed | RHSA-2020:3118 | 23.07.2020 |
| Red Hat Gluster Storage 3.5 for RHEL 8 | samba | Fixed | RHSA-2020:3119 | 23.07.2020 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
A NULL pointer dereference, or possible use-after-free flaw was found ...
6.5 Medium
CVSS3