The Samba-Bugzilla – Attachment 16067 Details for Bug 14364: CVE-2020-10730 [SECURITY] NULL de-reference in AD DC LDAP server when ASQ and VLV combined
advisory v4: CVE-2020-10730-ASQ-vlv-advisory-v4.txt (text/plain), 2.06 KB, created by Douglas Bagnall on 2020-06-23 22:31:50 UTC
===========================================================
== Subject:     NULL pointer de-reference and use-after-free
==              in Samba AD DC LDAP Server with ASQ, VLV and
==              paged_results
==
== CVE ID#:     CVE-2020-10730
==
== Versions:    Samba 4.5.0 and later
==
== Summary:     A client combining the 'ASQ' and 'VLV' LDAP
==              controls can cause a NULL pointer de-reference and
==              further combinations with the LDAP paged_results
==              feature can give a use-after-free in Samba's AD DC
==              LDAP server.
===========================================================

===========
Description
===========

Samba has, since Samba 4.5, supported the VLV Active Directory LDAP
feature, to allow clients to obtain 'virtual list views' of search
results against a Samba AD DC using an LDAP control.

The combination of this control and the ASQ control allows
an authenticated user to trigger a NULL-pointer de-reference. It is
also possible to trigger a use-after-free, both as the code is very
similar to that addressed by CVE-2020-10700 and due to the way
errors are handled in the dsdb_paged_results module since Samba 4.10.


==================
Patch Availability
==================

Patches addressing both of these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba 4.10.17, 4.11.11 and 4.12.4 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:v3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)

=========================
Workaround and mitigation
=========================

None.

=======
Credits
=======

Originally reported by Andrew Bartlett of Catalyst and the Samba Team

Patches provided by Andrew Bartlett and Gary Lockyer of Catalyst and
the Samba Team

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
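
Because the advisory lists no workaround, triage comes down to the installed version. The following is an added example, not part of the advisory or of Samba's code: it classifies a `samba --version` string against the affected range and the three security releases named above. The function names and sample strings are constructed for illustration, and treating branches newer than 4.12 as fixed is an assumption.

```python
import re

# Security releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(4, 10): 17, (4, 11): 11, (4, 12): 4}
FIRST_AFFECTED = (4, 5, 0)  # "Samba 4.5.0 and later"


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Version 4.11.6-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def triage(version_text):
    """Return 'not-affected', 'fixed' or 'affected' for CVE-2020-10730."""
    ver = parse_version(version_text)
    if ver < FIRST_AFFECTED:
        return "not-affected"
    branch = ver[:2]
    if branch in FIXED:
        return "fixed" if ver[2] >= FIXED[branch] else "affected"
    if branch > max(FIXED):
        # Assumption: branches newer than 4.12 shipped with the fix.
        return "fixed"
    # 4.5 to 4.9: in the affected range, and the advisory names no
    # security release for these branches, so only the patch applies.
    return "affected"


if __name__ == "__main__":
    # Constructed sample inputs, in the shape `samba --version` prints.
    for sample in ("Version 4.4.16", "Version 4.9.5",
                   "Version 4.11.6-Ubuntu", "Version 4.12.4"):
        print(f"{sample:24} -> {triage(sample)}")
```

An "affected" result on a distribution package still needs a check of the vendor changelog, since the patch may have been backported without changing the upstream version number. Only hosts running as an AD DC expose the LDAP server the advisory describes.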