The Samba-Bugzilla – Attachment 16383 Details for Bug 14595: CVE-2020-27840 [SECURITY] Unauthenticated remote heap corruption via bad DNs
Advisory v1
CVE-2020-27840.txt (text/plain), 1.81 KB, created by Douglas Bagnall on 2021-01-08 01:43:07 UTC
===========================================================
== Subject:     Heap corruption via crafted DN strings
==
== CVE ID#:     CVE-2020-27840
==
== Versions:    All Samba versions since Samba 4.0.0
==
== Summary:     A crafted packet can cause anonymous remote
==              heap corruption on the Samba AD DC LDAP server.
==              This can trivially cause a denial of service;
==              worse consequences are possible.
===========================================================

===========
Description
===========

Due to an error in the function that parses the string representation
of DNs, certain DNs containing excessive whitespace will cause a zero
byte to be written outside of the allocated buffer. This is likely to
corrupt other data in memory and lead to a crash (or worse).

An LDAP bind request can send a string DN as a username. This DN is
parsed before the password is checked, so an attacker does not need
proper credentials.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba $VERSIONS have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5)

=========================
Workaround and mitigation
=========================

None.

=======
Credits
=======

Found and fixed by Douglas Bagnall of Catalyst and the Samba Team,
using Honggfuzz.

Advisory written by Douglas Bagnall.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
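
The advisory does not show the faulty code. The following is an added example, not Samba's ldb code and not the actual patch: a constructed value-trimming routine showing one way whitespace handling can misplace a terminating zero byte, written in its bounds-checked form. The helper name copy_trimmed_value and the sample inputs are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (an assumption, not Samba's parser): copy one DN
 * attribute value from src[0..len) into dst (capacity cap), dropping
 * leading and trailing spaces, then NUL-terminate.
 * Returns the stored length, or -1 if the input cannot be stored safely. */
static long copy_trimmed_value(const char *src, size_t len,
                               char *dst, size_t cap)
{
    size_t start = 0, end = len;

    if (dst == NULL || cap == 0 || (src == NULL && len != 0))
        return -1;

    while (start < end && src[start] == ' ')
        start++;

    /* Bug class being illustrated: a backwards trim written as
     *     while (src[end - 1] == ' ') end--;
     * has no lower bound. A value made only of spaces walks `end` below
     * the start of the buffer, and the terminator written afterwards
     * lands outside the allocation. Bounding the loop by `start`
     * guarantees end >= start for every input. */
    while (end > start && src[end - 1] == ' ')
        end--;

    size_t n = end - start;
    if (n >= cap)                 /* need n bytes plus the terminator */
        return -1;
    memcpy(dst, src + start, n);
    dst[n] = '\0';                /* index n is always inside dst[0..cap) */
    return (long)n;
}

int main(void)
{
    /* Constructed sample values, including the all-whitespace edge case. */
    const char *samples[] = { "  admin  ", "        ", "", "a" };
    char out[16];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long n = copy_trimmed_value(samples[i], strlen(samples[i]),
                                    out, sizeof out);
        printf("[%s] -> %ld [%s]\n", samples[i], n, n >= 0 ? out : "");
    }
    return 0;
}
```

Because the advisory says the DN is parsed before the password is checked, a check of this kind has to hold for input from unauthenticated clients; running such a parser under a fuzzer with AddressSanitizer is how a single misplaced zero byte becomes visible.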