CVSS2
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS
Percentile: 78.5%

If Samba is configured with “log level = 3” (or above) then the string
obtained from the client, after a failed character conversion, is
printed. Such strings can be provided during the NTLMSSP
authentication exchange.

In the Samba AD DC in particular, this may cause a long-lived process
(such as the RPC server) to terminate. (In the file server case, the
most likely target, smbd, operates as process-per-client and so a
crash there is harmless.)

Patches addressing both these issues have been posted to:
https://www.samba.org/samba/security/

Additionally, Samba 4.11.5, 4.10.12 and 4.9.18 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (6.5)

Do not set a log level of 3 or above in production.

Originally reported by Robert Święcki using a fuzzer he wrote.
Patches provided by Andrew Bartlett of the Samba team and Catalyst.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
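
An added example (not part of the Samba advisory): a Python check that combines the two conditions described above, a release older than the fixed versions and a log level of 3 or above. The function names and the sample smb.conf are constructed for illustration; counting any per-class level (such as auth:5) toward the threshold is a conservative assumption.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) series.
FIXED = {(4, 11): 5, (4, 10): 12, (4, 9): 18}

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    Log Level = 1 auth:5
"""

def max_log_level(conf_text):
    """Highest level set via 'log level' or its synonym 'debuglevel', else None."""
    highest = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # smb.conf parameter names ignore case and embedded spaces.
        if name.replace(" ", "").lower() not in ("loglevel", "debuglevel"):
            continue
        # Values look like "1 auth:5"; assumption: any class counts.
        for token in value.split():
            m = re.fullmatch(r"(?:\w+:)?(\d+)(?:@.*)?", token)
            if m:
                highest = max(highest or 0, int(m.group(1)))
    return highest

def is_fixed(version):
    """True/False for a series the advisory names, None for any other."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    return None if fixed_patch is None else patch >= fixed_patch

def assess(version, conf_text):
    level = max_log_level(conf_text)
    fixed = is_fixed(version)
    if fixed:
        return "patched"
    if level is not None and level >= 3:
        return "exposed: log level %d on an unfixed or unlisted release" % level
    return "log level below 3" if fixed is False else "unlisted series, log level below 3"

if __name__ == "__main__":
    print(assess("4.10.11", SAMPLE_CONF))
```

A level passed on a daemon's command line with -d does not appear in smb.conf and has to be checked separately.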