CVE-2020-14303

Published: 02 Jul 2020
Source: redhat
CVSS3: 7.5
EPSS: Medium

Description

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

Statement

This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux and Red Hat Gluster Storage 3 because there is no support for samba as Active Directory Domain Controller.

Mitigation

The NetBIOS over TCP/IP name resolution protocol is implemented as a UDP datagram on port 137. The AD DC client and server-side processing code for NBT name resolution will enter a tight loop if a UDP packet with 0 data length is received. The client for this case is only found in the AD DC side of the codebase, not in the code used by the member server or file server.
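
A defender-side check for the condition described above, added here as an example and not taken from Red Hat or the Samba project: it scans a classic pcap capture (Ethernet, IPv4) for UDP datagrams to port 137 whose UDP length field is 8, meaning zero bytes of data. The function names, the sample capture and its addresses are constructed for illustration.

```python
import struct

NBT_NS_PORT = 137   # NetBIOS name service port named in the advisory
UDP_HEADER_LEN = 8  # a UDP length field of 8 means zero bytes of data


def find_empty_nbt_datagrams(pcap: bytes):
    """Return (ts_sec, src_ip) for every IPv4/UDP datagram to port 137 with no payload."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or len(ip) < ihl + UDP_HEADER_LEN:
            continue  # not UDP, or headers truncated
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            continue  # non-first fragment carries no UDP header
        _, dport, udp_len, _ = struct.unpack("!HHHH", ip[ihl:ihl + 8])
        if dport == NBT_NS_PORT and udp_len == UDP_HEADER_LEN:
            hits.append((ts_sec, ".".join(str(b) for b in ip[12:16])))
    return hits


def build_sample_pcap() -> bytes:
    """Constructed capture: a 50-byte datagram to 137, an empty one to 137, an empty one to 53."""
    def frame(src, dport, payload):
        udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes(src), bytes([192, 0, 2, 10]))
        return b"\x00" * 12 + b"\x08\x00" + ip + udp
    packets = [(1000, frame([198, 51, 100, 5], 137, b"\x00" * 50)),
               (1001, frame([198, 51, 100, 7], 137, b"")),
               (1002, frame([198, 51, 100, 7], 53, b""))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, fr in packets:
        out += struct.pack("<IIII", ts, 0, len(fr), len(fr)) + fr
    return out
```

Run over the constructed capture, only the zero-length datagram addressed to port 137 is reported; the datagram with data and the empty one to another port are ignored.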

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | samba | Not affected | | |
| Red Hat Enterprise Linux 5 | samba3x | Not affected | | |
| Red Hat Enterprise Linux 6 | samba | Not affected | | |
| Red Hat Enterprise Linux 7 | samba | Not affected | | |
| Red Hat Enterprise Linux 8 | samba | Not affected | | |
| Red Hat Storage 3 | samba | Not affected | | |

Additional information

Status: Important
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1851298 samba: Empty UDP packet DoS in Samba AD DC nbtd

EPSS

Percentile: 96%
0.26119
Medium

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 5 years ago

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

CVSS3: 7.5
nvd
more than 5 years ago

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

CVSS3: 7.5
debian
more than 5 years ago

A flaw was found in the AD DC NBT server in all Samba versions before ...

CVSS3: 7.5
github
more than 3 years ago

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

CVSS3: 7.5
fstec
more than 5 years ago

A vulnerability in the AD DC component of the Samba networking software suite, related to insufficient validation of input data, that allows an attacker to cause a denial of service
