The Samba-Bugzilla – Attachment 15951 Details for
Bug 14364
CVE-2020-10730 [SECURITY] NULL de-reference in AD DC LDAP server when ASQ and VLV combined
initial advisory
CVE-2020-XXXXX-ASQ-vlv-advisory-v1.txt (text/plain), 2.04 KB, created by
Andrew Bartlett
on 2020-05-05 05:30:25 UTC
>===========================================================
>== Subject:     NULL pointer de-reference in Samba AD DC
>==              LDAP Server with ASQ
>==
>== CVE ID#:     CVE-2020-XXXX
>==
>== Versions:    Samba 4.5.0 and later
>==
>== Summary:     A client combining the 'ASQ' and 'VLV' LDAP
>                controls can cause a use-after-free in Samba's AD DC
>                LDAP server
>===========================================================
>
>===========
>Description
>===========
>
>Samba has, since Samba 4.5, supported the VLV Active Directory LDAP
>feature, to allow clients to obtain 'virtual list views' of search
>results against a Samba AD DC using an LDAP control.
>
>The combination of this control and the ASQ control combines to allow
>an authenticated user to trigger a NULL-pointer de-reference. It may
>also be possible to trigger a use-after-free, as the code is very
>similar to that addressed by CVE-2020-10700.
>
>
>==================
>Patch Availability
>==================
>
>Patches addressing both of these issues have been posted to:
>
>    https://www.samba.org/samba/security/
>
>Additionally, Samba 4.10.X, 4.11.X and 4.12.X have been issued
>as security releases to correct the defect. Samba administrators are
>advised to upgrade to these releases or apply the patch as soon
>as possible.
>
>==================
>CVSSv3 calculation
>==================
>
>CVSS:v3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
>
>=========================
>Workaround and mitigation
>=========================
>
>None. The possible use-after-free is considered hard to trigger, and
>relies in particular on the chain of child and grandchild links being
>queried with ASQ. Malicious users without write access will need to
>find a suitable chain within the existing directory layout.
>
>=======
>Credits
>=======
>
>Originally reported by Andrew Bartlett of Catalyst and the Samba Team
>
>Patches provided by Andrew Bartlett of Catalyst and the Samba Team.
>
>==========================================================
>== Our Code, Our Bugs, Our Responsibility.
>== The Samba Team
>==========================================================
>
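An added example (not part of the advisory and not Samba's code): a detection-side check that walks the BER framing of an LDAP message and reports when a SearchRequest carries both the ASQ and the VLV request controls, the combination the advisory describes. The two control OIDs are the registered values for those controls and do not appear on the page; the function names and the sample messages are constructed for illustration.

```python
# Assumption: OIDs below are the registered control OIDs, not taken from the page.
ASQ_OID = "1.2.840.113556.1.4.1504"          # ASQ (attribute scoped query)
VLV_REQUEST_OID = "2.16.840.1.113730.3.4.9"  # VLV request control

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def control_oids(ldap_message):
    """Return the control OIDs attached to a SearchRequest, else an empty set."""
    tag, body, _ = read_tlv(ldap_message, 0)
    elems = list(children(body)) if tag == 0x30 else []
    if len(elems) < 2 or elems[1][0] != 0x63:  # [APPLICATION 3] SearchRequest
        return set()
    oids = set()
    for tag, controls in elems[2:]:
        if tag != 0xA0:                        # [0] Controls
            continue
        for ctag, control in children(controls):
            first = next(children(control), None)
            if ctag == 0x30 and first and first[0] == 0x04:
                oids.add(first[1].decode("ascii", "replace"))
    return oids

def combines_asq_and_vlv(ldap_message):
    """True when one search request carries both controls."""
    return {ASQ_OID, VLV_REQUEST_OID} <= control_oids(ldap_message)

def constructed_sample(oids):
    """Constructed test input: message ID 1, an empty placeholder SearchRequest
    body, and one value-less control per OID (short-form lengths only)."""
    tlv = lambda tag, val: bytes([tag, len(val)]) + val
    controls = b"".join(tlv(0x30, tlv(0x04, o.encode())) for o in oids)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x63, b"") + tlv(0xA0, controls))
```

The check needs the LDAP payload in cleartext, so it applies to decoded captures or to a point after TLS or SASL protection has been removed.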