Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-2463-1:1381E
HistoryNov 23, 2020 - 3:18 a.m.

[SECURITY] [DLA 2463-1] samba security update

2020-11-2303:18:54
lists.debian.org
68

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.024 Low

EPSS

Percentile

89.8%

JSON

Debian LTS Advisory DLA-2463-1 [email protected]
https://www.debian.org/lts/security/ Roberto C. Sánchez
November 22, 2020 https://wiki.debian.org/LTS

Package : samba
Version : 2:4.5.16+dfsg-1+deb9u3
CVE ID : CVE-2020-1472 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745
CVE-2020-10760 CVE-2020-14303 CVE-2020-14318 CVE-2020-14323
CVE-2020-14383

Multiple vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server for Unix.

CVE-2020-1472

Unauthenticated domain controller compromise by subverting Netlogon
cryptography.  This vulnerability includes both ZeroLogon and
non-ZeroLogon variations.

CVE-2020-10704

An unauthorized user can trigger a denial of service via a stack
overflow in the AD DC LDAP server.

CVE-2020-10730

NULL pointer de-reference and use-after-free in Samba AD DC LDAP
Server with ASQ, VLV and paged_results.

CVE-2020-10745

Denial of service resulting from abuse of compression of replies to
NetBIOS over TCP/IP name resolution and DNS packets causing excessive
CPU load on the Samba AD DC.

CVE-2020-10760

The use of the paged_results or VLV controls against the Global
Catalog LDAP server on the AD DC will cause a use-after-free.

CVE-2020-14303

Denial of service resulting from CPU spin and and inability to
process further requests once the AD DC NBT server receives an empty
(zero-length) UDP packet to port 137.

CVE-2020-14318

Missing handle permissions check in ChangeNotify

CVE-2020-14323

Unprivileged user can crash winbind via invalid lookupsids DoS

CVE-2020-14383

DNS server crash via invalid records resulting from uninitialized
variables

For Debian 9 stretch, these problems have been fixed in version
2:4.5.16+dfsg-1+deb9u3.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/samba

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9arm64samba-common-bin< 2:4.5.16+dfsg-1+deb9u3samba-common-bin_2:4.5.16+dfsg-1+deb9u3_arm64.deb
Debian9i386samba-dev< 2:4.5.16+dfsg-1+deb9u3samba-dev_2:4.5.16+dfsg-1+deb9u3_i386.deb
Debian9allsamba< 2:4.5.16+dfsg-1+deb9u3samba_2:4.5.16+dfsg-1+deb9u3_all.deb
Debian9armhfsmbclient< 2:4.5.16+dfsg-1+deb9u3smbclient_2:4.5.16+dfsg-1+deb9u3_armhf.deb
Debian9amd64libnss-winbind< 2:4.5.16+dfsg-1+deb9u3libnss-winbind_2:4.5.16+dfsg-1+deb9u3_amd64.deb
Debian9i386samba-libs< 2:4.5.16+dfsg-1+deb9u3samba-libs_2:4.5.16+dfsg-1+deb9u3_i386.deb
Debian9arm64python-samba< 2:4.5.16+dfsg-1+deb9u3python-samba_2:4.5.16+dfsg-1+deb9u3_arm64.deb
Debian9armhfsamba-dev< 2:4.5.16+dfsg-1+deb9u3samba-dev_2:4.5.16+dfsg-1+deb9u3_armhf.deb
Debian9armhfsamba-common-bin< 2:4.5.16+dfsg-1+deb9u3samba-common-bin_2:4.5.16+dfsg-1+deb9u3_armhf.deb
Debian9i386libpam-winbind< 2:4.5.16+dfsg-1+deb9u3libpam-winbind_2:4.5.16+dfsg-1+deb9u3_i386.deb
Rows per page:
1-10 of 971

Related

openvas 55
nessus 76
osv 7
cisa 1
fedora 6
altlinux 2
gentoo 2
freebsd 2
mageia 2
suse 5
rosalinux 2
ubuntu 3
f5 1
almalinux 2
centos 1
rocky 1
oraclelinux 2
amazon 3
redhat 3
ibm 4
debian 1
veracode 2
samba 3
prion 2
debiancve 2
ubuntucve 2
redhatcve 2
cve 2
alpinelinux 3
openvas
openvas
Debian: Security Advisory (DLA-2463-1)
2020-11-23 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1625)
2021-03-12 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-2168)
2021-07-07 00:00:00
nessus
nessus
Debian DLA-2463-1 : samba security update
2020-11-23 00:00:00
EulerOS Virtualization 2.9.1 : samba (EulerOS-SA-2021-1625)
2021-03-10 00:00:00
EulerOS Virtualization 3.0.2.2 : samba (EulerOS-SA-2021-2168)
2021-07-06 00:00:00
osv
osv
samba - security update
2020-11-22 00:00:00
samba vulnerabilities
2020-11-02 13:56:36
Moderate: samba security, bug fix, and enhancement update
2021-05-18 05:44:25
cisa
cisa
Samba Releases Security Updates
2020-07-03 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: samba-4.12.5-0.fc32
2020-07-04 01:14:40
[SECURITY] Fedora 31 Update: samba-4.11.11-0.fc31
2020-07-18 01:09:09
[SECURITY] Fedora 31 Update: libldb-2.0.12-1.fc31
2020-07-18 01:09:08
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.11.11-alt1
2020-07-07 00:00:00
Security fix for the ALT Linux 10 package samba version 4.12.9-alt1
2020-10-29 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2020-07-26 00:00:00
Samba: Multiple vulnerabilities
2020-12-24 00:00:00
freebsd
freebsd
samba -- Multiple Vulnerabilities
2020-07-02 00:00:00
samba -- Multiple Vulnerabilities
2020-10-29 00:00:00
mageia
mageia
Updated samba packages fix security vulnerability
2020-07-10 11:01:08
Updated samba packages fix security vulnerabilities
2020-11-10 18:20:00
suse
suse
Security update for samba (important)
2020-07-18 00:00:00
Security update for ldb, samba (important)
2020-09-01 00:00:00
Security update for ldb, samba (important)
2020-07-21 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1967
2021-07-02 18:07:38
Advisory ROSA-SA-2024-2386
2024-04-02 07:01:49
ubuntu
ubuntu
Samba vulnerabilities
2020-07-02 00:00:00
Samba vulnerabilities
2020-11-02 00:00:00
Samba vulnerabilities
2021-05-03 00:00:00
f5
f5
K93951507 : Multiple Samba vulnerabilities
2021-04-06 00:00:00
almalinux
almalinux
Moderate: samba security, bug fix, and enhancement update
2021-05-18 05:44:25
Moderate: libldb security, bug fix, and enhancement update
2020-11-03 12:16:33
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2020-12-18 00:19:11
rocky
rocky
samba security, bug fix, and enhancement update
2021-05-18 05:44:25
oraclelinux
oraclelinux
samba security, bug fix, and enhancement update
2021-05-25 00:00:00
samba security and bug fix update
2020-12-16 00:00:00
amazon
amazon
Critical: samba
2021-06-16 20:36:00
Critical: samba
2021-01-12 22:51:00
Critical: samba
2021-01-05 23:34:00
redhat
redhat
(RHSA-2020:5439) Moderate: samba security and bug fix update
2020-12-15 09:01:31
(RHSA-2021:1647) Moderate: samba security, bug fix, and enhancement update
2021-05-18 05:44:25
(RHSA-2021:3723) Moderate: samba security, bug fix and enhancement update
2021-10-05 04:55:51
ibm
ibm
Security Bulletin: Multiple vulnerabilities in samba affect IBM Spectrum Scale SMB protocol access method.
2021-01-25 05:03:53
Security Bulletin: Samba for IBM i is affected by CVE-2020-14323 and CVE-2020-14318
2020-11-11 20:50:06
Security Bulletin: Multiple vulnerabilities found in Spectrum Scale affect IBM Cloud Pak System
2021-05-19 17:27:44
debian
debian
[SECURITY] [DLA 3792-1] samba security update
2024-04-22 15:05:00
veracode
veracode
Denial Of Service (DoS)
2020-08-06 21:27:10
Use-after-Free
2020-07-24 04:08:36
samba
samba
LDAP Denial of Service (stack overflow) in
2020-04-28 00:00:00
Empty UDP packet DoS in Samba AD DC nbtd
2020-07-02 00:00:00
LDAP Use-after-free in Samba AD DC Global Catalog with
2020-07-02 00:00:00
prion
prion
Design/Logic Flaw
2020-12-02 01:15:00
Design/Logic Flaw
2020-07-06 19:15:00
debiancve
debiancve
CVE-2020-14303
2020-07-06 18:15:00
CVE-2020-10760
2020-07-06 19:15:00
ubuntucve
ubuntucve
CVE-2020-14303
2020-07-06 00:00:00
CVE-2020-10704
2020-04-28 00:00:00
redhatcve
redhatcve
CVE-2020-14303
2020-07-02 09:50:50
CVE-2020-10760
2020-07-02 09:50:50
cve
cve
CVE-2020-10704
2020-05-06 14:15:00
CVE-2020-10730
2020-07-07 14:15:00
alpinelinux
alpinelinux
CVE-2020-10730
2020-07-07 14:15:00
CVE-2020-10704
2020-05-06 14:15:00
CVE-2020-10760
2020-07-06 19:15:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.024 Low

EPSS

Percentile

89.8%

JSON
Related for DEBIAN:DLA-2463-1:1381E
openvas55nessus76osv7cisa1fedora6altlinux2gentoo2freebsd2mageia2suse5rosalinux2ubuntu3f51almalinux2centos1rocky1oraclelinux2amazon3redhat3ibm4debian1veracode2samba3prion2debiancve2ubuntucve2redhatcve2cve2alpinelinux3