Samba Security advisory SAMBA:CVE-2020-10760
Published: Jul 02, 2020

LDAP Use-after-free in Samba AD DC Global Catalog with

Source: Samba Security, www.samba.org

CVSS3: 6.5 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.004 Low (percentile 71.5%)

Description

Samba 4.5 and later implement VLV (Virtual List View), and Samba 4.10
and later reimplemented the paged_results control using similar code.

This code is more memory-efficient, storing only a pointer to the
object rather than the returned object itself. However, this means that
parts of the original request must be retained for as long as the
search state that refers to them.

When these controls are used by a client that connects to the Global
Catalog server, these modules failed to correctly retain the control
data along with the request. The retained search state therefore
pointed at memory that had already been freed with the request,
causing a use-after-free and an abort when this is detected by the
talloc library.
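The ownership mistake described above, as an added illustration that is not Samba's code: the names request, control and result_set, the two-request scenario and the tiny talloc-like allocator are assumptions made for this example. The allocator overwrites a magic value on free and keeps freed chunks poisoned rather than returning them to the system, so the stale-pointer check is deterministic and not undefined behaviour; talloc's "bad talloc magic value - access after free" abort is modelled as next_page() returning -1.

```c
/* Model of the bug behind CVE-2020-10760 (illustrative, not Samba code):
 * search state that outlives the request keeps a pointer to a control
 * owned by the request instead of retaining the control itself. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tiny talloc-like allocator: each chunk carries a magic value that is
 * overwritten on free. Freed chunks are poisoned and deliberately never
 * handed back to the system, so checking them afterwards is defined. */
#define MAGIC_LIVE  0x7A110C11u
#define MAGIC_FREED 0xDEADF4EEu

struct chunk { unsigned magic; size_t size; };

static void *t_alloc(size_t size)
{
    struct chunk *c = calloc(1, sizeof *c + size);
    if (c == NULL) abort();
    c->magic = MAGIC_LIVE;
    c->size = size;
    return c + 1;                       /* payload follows the header */
}

static void t_free(void *p)
{
    struct chunk *c = (struct chunk *)p - 1;
    c->magic = MAGIC_FREED;
    memset(p, 0xDD, c->size);           /* poison; chunk leaked on purpose */
}

/* talloc's magic check, as a return value instead of an abort. */
static int is_live(const void *p)
{
    const struct chunk *c = (const struct chunk *)p - 1;
    return c->magic == MAGIC_LIVE;
}

/* The per-request LDAP control (VLV or paged_results) and the request
 * that owns it; freeing the request frees the control with it. */
struct control { int page_size; char cookie[32]; };
struct request { struct control *ctrl; };

/* Search state retained across requests so the next page can be served.
 * The memory-efficient design keeps a pointer, not a copy. */
struct result_set { const struct control *ctrl; };

static struct request *new_request(int page_size, const char *cookie)
{
    struct request *req = t_alloc(sizeof *req);
    req->ctrl = t_alloc(sizeof *req->ctrl);
    req->ctrl->page_size = page_size;
    strncpy(req->ctrl->cookie, cookie, sizeof req->ctrl->cookie - 1);
    return req;
}

static void free_request(struct request *req)
{
    t_free(req->ctrl);                  /* child goes with the parent */
    t_free(req);
}

/* Vulnerable: the result set merely borrows the request's control. */
static struct result_set *start_search_vulnerable(const struct request *req)
{
    struct result_set *rs = t_alloc(sizeof *rs);
    rs->ctrl = req->ctrl;
    return rs;
}

/* Fixed: the control data is retained by the result set itself. */
static struct result_set *start_search_fixed(const struct request *req)
{
    struct result_set *rs = t_alloc(sizeof *rs);
    struct control *own = t_alloc(sizeof *own);
    *own = *req->ctrl;
    rs->ctrl = own;
    return rs;
}

/* Serving the next page: the page size from the retained control, or -1
 * where talloc would have aborted the server process. */
static int next_page(const struct result_set *rs)
{
    if (!is_live(rs->ctrl)) return -1;
    return rs->ctrl->page_size;
}

/* Two requests on one connection: the first starts the search and is
 * freed once answered; the second asks for the next page. */
static int simulate(int fixed)
{
    struct request *first = new_request(100, "vlv-ctx-1");
    struct result_set *rs = fixed ? start_search_fixed(first)
                                  : start_search_vulnerable(first);
    free_request(first);
    return next_page(rs);
}

int main(void)
{
    printf("vulnerable: next_page -> %d (talloc would abort here)\n", simulate(0));
    printf("fixed:      next_page -> %d\n", simulate(1));
    return 0;
}
```

In the real server the second request arrives from an authenticated LDAP client, which is why the vector carries PR:L and A:H: the crash is reachable by any account that can bind, and what dies is the process serving the Global Catalog port.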

NOTE WELL: Unsupported Samba versions before Samba 4.7 use a single
process for the LDAP servers, so a crash takes the LDAP service down
for every client.

Samba 4.11 and later use the 'prefork' process model to create a
shared connection pool. Crashing servers are restarted, but service is
disrupted for every connection served by the crashed process.

Patch Availability

Patches addressing this issue have been posted to:

https://www.samba.org/samba/security/

Additionally, Samba 4.10.17, 4.11.11 and 4.12.4 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.
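A version check for the releases named above, as an added example that is not part of the advisory or of Samba: the status values, the parse helper and the treatment of 4.13 and later as fixed (those branches were cut after the fix landed) are assumptions for this example; the branch boundaries themselves (VLV since 4.5, paged_results sharing the code since 4.10, fixes in 4.10.17, 4.11.11 and 4.12.4) are taken from the advisory text.

```c
/* Affected-version check for CVE-2020-10760 (example code, not Samba's).
 * Accepts "4.10.4" or the "Version 4.10.4-Ubuntu" form that
 * "smbd --version" prints. */
#include <stdio.h>
#include <string.h>

enum status {
    VERSION_UNPARSABLE = -1,
    NOT_AFFECTED,          /* older than 4.5: no VLV module */
    AFFECTED_UNSUPPORTED,  /* 4.5 to 4.9: vulnerable, branch out of support */
    AFFECTED,              /* supported branch below the fixed release */
    FIXED
};

/* Fixed releases on each supported 4.x branch, per the advisory. */
struct fixed_release { int minor; int patch; };
static const struct fixed_release FIXED_IN[] = { {10, 17}, {11, 11}, {12, 4} };

static int parse_version(const char *s, int *major, int *minor, int *patch)
{
    const char *p = strstr(s, "Version ");
    if (p != NULL) s = p + strlen("Version ");
    return sscanf(s, "%d.%d.%d", major, minor, patch) == 3;
}

static enum status cve_2020_10760_status(const char *version)
{
    int major, minor, patch;
    if (!parse_version(version, &major, &minor, &patch))
        return VERSION_UNPARSABLE;
    if (major < 4 || (major == 4 && minor < 5))
        return NOT_AFFECTED;
    if (major == 4 && minor < 10)
        return AFFECTED_UNSUPPORTED;
    for (size_t i = 0; i < sizeof FIXED_IN / sizeof FIXED_IN[0]; i++)
        if (major == 4 && minor == FIXED_IN[i].minor)
            return patch >= FIXED_IN[i].patch ? FIXED : AFFECTED;
    return FIXED;   /* assumption: 4.13 and later were cut after the fix */
}

static const char *status_name(enum status s)
{
    switch (s) {
    case NOT_AFFECTED:         return "not affected (no VLV)";
    case AFFECTED_UNSUPPORTED: return "AFFECTED, unsupported branch";
    case AFFECTED:             return "AFFECTED, upgrade";
    case FIXED:                return "fixed";
    default:                   return "unparsable version string";
    }
}

int main(void)
{
    /* constructed sample inputs */
    const char *samples[] = { "Version 4.10.4-Ubuntu", "4.10.17", "4.12.3",
                              "4.9.18", "4.4.0", "unknown" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %s\n", samples[i],
               status_name(cve_2020_10760_status(samples[i])));
    return 0;
}
```

Distribution packages often backport the fix without changing the upstream version string, so treat an AFFECTED result from a distro build as "check the package changelog", not as proof of exposure; conversely a FIXED result says nothing about the process model discussed under the workaround below.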

CVSSv3 calculation

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)

Workaround and mitigating factors

By default, Samba 4.10 runs using the "standard" process model, which
is one process per client, so a crash only affects the client that
triggered it. (Later versions use 'prefork'.)

This is controlled by the -M or --model parameter to the samba binary.

All Samba versions are impacted if -M prefork or -M single is used,
because a crash then takes down a process shared by other connections.
To mitigate this issue, select -M standard (however this will use more
memory, and may cause resource exhaustion).

Credits

Originally reported by Andrei Popa <[email protected]> and
another anonymous reporter.

Advisory written by Andrew Bartlett of Catalyst and the Samba Team.

Patches provided by Andrew Bartlett of Catalyst and the Samba Team.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
