The Samba-Bugzilla – Attachment 16531 Details for Bug 14655: CVE-2021-20277 [SECURITY] out of bounds read in ldb_handler_fold
Updated advisory v2 incl. versions
CVE-2021-20277-ldb_handler_fold-advisory-v2.txt (text/plain), 2.00 KB, created by Karolin Seeger on 2021-03-12 08:56:27 UTC
===========================================================
== Subject:     Out of bounds read in AD DC LDAP server
==
== CVE ID#:     CVE-2021-20277
==
== Versions:    All versions of Samba since Samba 4.0
==
== Summary:     User-controlled LDAP filter strings against
==              the AD DC LDAP server may crash the LDAP server.
===========================================================

===========
Description
===========

A string in an LDAP attribute that contains multiple consecutive
leading spaces can lead to a memmove() of out of bounds memory in
ldb_handler_fold().

ldb_handler_fold() is used by case insensitive strings - that is most
string attributes - in Active Directory.

As the search expression is normalised prior to matching any potential
objects this in turn may crash the LDAP server process
handling the request. It may be possible to leak the out of bounds
memory by matching against it, but this is thought to be unlikely.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba 4.14.1, 4.13.6 and 4.12.13 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H (7.1)

==========
Workaround
==========

To disable the LDAP server set 'server services = -ldap' in the
smb.conf and restart Samba. This will substantially reduce the
utility of the AD DC.

=======
Credits
=======

Found with the help of Honggfuzz.

Originally reported by Douglas Bagnall of Catalyst and the Samba Team.

Patches provided by and advisory written by Douglas Bagnall and
Andrew Bartlett of Catalyst and the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
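The defect class described in the advisory (an in-place memmove() whose length goes wrong when several leading spaces are stripped) can be avoided by normalising in a single pass with separate read and write indices. The following is an added example, not Samba's code or its patch: fold_ci() is a hypothetical helper, and it assumes normalisation means ASCII upper-casing, dropping leading and trailing spaces, and collapsing runs of spaces in a length-counted input.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * fold_ci() is hypothetical, not ldb_handler_fold().
 * Assumed normalisation: ASCII upper-case, no leading or trailing
 * spaces, runs of internal spaces collapsed to one.
 * The input is length-counted and need not be NUL-terminated.
 * Returns a malloc()ed NUL-terminated string, or NULL on failure.
 */
char *fold_ci(const char *in, size_t len)
{
    char *out;
    size_t r, w = 0;
    int pending_space = 0;

    if (len == SIZE_MAX) return NULL;   /* len + 1 would wrap to 0 */
    out = malloc(len + 1);              /* output never exceeds input */
    if (out == NULL) return NULL;

    for (r = 0; r < len; r++) {         /* reads stay below in[len] */
        unsigned char c = (unsigned char)in[r];
        if (c == ' ') {
            /* Remember a space only once output exists: this drops any
             * number of leading spaces and collapses internal runs. */
            pending_space = (w > 0);
            continue;
        }
        if (pending_space) { out[w++] = ' '; pending_space = 0; }
        out[w++] = (char)toupper(c);
    }
    out[w] = '\0';   /* a space still pending was trailing: discarded */
    return out;
}

int main(void)
{
    /* Constructed inputs: several leading spaces, and spaces only. */
    const char *samples[] = { "    cn=Admin   Users  ", "     " };
    for (size_t i = 0; i < 2; i++) {
        char *f = fold_ci(samples[i], strlen(samples[i]));
        printf("[%s]\n", f ? f : "(alloc failed)");
        free(f);
    }
    return 0;
}
```

Because nothing is shifted in place, there is no move length to keep in step with the number of spaces removed; every read is bounded by `len` and every write by the `len + 1` allocation.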
Flags: dbagnall: review+, abartlet: review+