The Samba-Bugzilla – Attachment 16073 Details for
Bug 14417
CVE-2020-14303 [SECURITY] Endless loop from empty UDP packet sent to AD DC nbt_server
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Advisory v2
CVE-2020-14303-empty-udp-02.txt (text/plain), 1.92 KB, created by
Andrew Bartlett
on 2020-06-24 08:05:39 UTC
(
hide
)
Description:
Advisory v2
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2020-06-24 08:05:39 UTC
Size:
1.92 KB
patch
obsolete
>=========================================================== >== Subject: Empty UDP packet DoS in Samba AD DC nbtd >== >== CVE ID#: CVE-2020-14303 >== >== Versions: All Samba versions since Samba 4.0.0 >== >== Summary: The NBT server in Samba 4.0 will enter a >== CPU spin and not process further requests >== once it receives a empty (zero-length) UDP >== packet to port 137. >=========================================================== > >=========== >Description >=========== > >The NetBIOS over TCP/IP name resolution protocol is implemented >as a UDP datagram on port 137. > >The AD DC client and server-side processing code for NBT name resolution >will enter a tight loop if a UDP packet with 0 data length is >received. The client for this case is only found in the AD DC side of >the codebase, not that used by the the member server or file server. > >================== >Patch Availability >================== > >Patches addressing both these issues have been posted to: > > https://www.samba.org/samba/security/ > >Additionally, Samba Samba 4.10.17, 4.11.11, and 4.12.4 have been issued >as security releases to correct the defect. Samba administrators are >advised to upgrade to these releases or apply the patch as soon >as possible. > >================== >CVSSv3 calculation >================== > >CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5) > >========================= >Workaround and mitigation >========================= > >The NBT server (port 139) is provided by nmbd in the >file-server configuration, which is not impacted by this issue. > >In the AD DC, the NBT server can be disabled with >'disable netbios = yes'. > >======= >Credits >======= > >Originally reported by $REPORTER. > >Patches provided by Gary Lockyer of Catalyst and the Samba team. > >========================================================== >== Our Code, Our Bugs, Our Responsibility. >== The Samba Team >========================================================== >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
gary
:
review+
Actions:
View
Attachments on
bug 14417
:
16070
|
16071
|
16072
|
16073
|
16075
|
16076
|
16077
|
16078
|
16079
|
16080
|
16081
|
16082
|
16083
|
16084
|
16085
|
16086
|
16087
|
16092