Samba Security: CVE-2020-27840

Heap corruption via crafted DN strings

Published: Mar 24, 2021
Source: Samba Security (www.samba.org)

CVSS3: 7.5 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL

EPSS: 0.006 Low (percentile 79.1%)

Description

A DN may be represented in string form with arbitrary amounts of space
around the component values. These spaces are supposed to be ignored,
but invalid DN strings with spaces may instead cause a zero byte to
be written into out-of-bounds memory.

An LDAP bind request can send a string DN as a username. This DN is
necessarily parsed before the password is checked, so an attacker
without real credentials can anonymously trigger this bug.

The location of the zero byte is a negative offset relative to the
location of a dynamically allocated heap buffer; the exact offset
depends on the DN string. While it is possible for an attacker to
cause non-fatal data corruption, usefully targeting this is likely to
be difficult and the most likely outcome is a crash.

The affected parsing routine is widely used. LDAP bind is not the only
way to trigger the bug remotely, though it appears to be the only
unauthenticated method.

For technical details of the vulnerability, see the patch and
the bug at https://bugzilla.samba.org/show_bug.cgi?id=14595.
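The failure mode described above is the general hazard of trimming whitespace around a DN component with unbounded cursors: once a component is entirely spaces, a trailing-space trim that is not fenced by the component's start can walk backwards and place the terminating zero byte before the buffer. The toy parser below is an added example, not Samba's ldb code or its patch; it handles only plain "attr=value,attr=value" DNs (no escaping, quoting or multi-valued RDNs, all of which are assumptions made to keep it short) and shows the defensive shape: both trim cursors are confined to the half-open span of the component, so an all-space value shrinks to the empty string and the terminator always lands inside the destination buffer, while a missing '=' or an empty attribute type is rejected instead of being parsed.

```c
#include <stdio.h>
#include <string.h>

/* Toy DN parser added for illustration; it is NOT Samba's code. Handles only
 * "attr=value,attr=value" DNs: no escapes, quoting or multi-valued RDNs. */
#define DN_MAX_COMPONENTS 16
#define DN_ATTR_MAX 64
#define DN_VALUE_MAX 256

struct dn_component {
    char attr[DN_ATTR_MAX];
    char value[DN_VALUE_MAX];
};

/* Copy [start, end) into out with surrounding ASCII spaces removed.
 * Both cursors stay inside [start, end]: the trailing trim tests end > start
 * before reading end[-1], so a span that is entirely spaces shrinks to the
 * empty string instead of walking backwards past the start of the buffer, and
 * the terminating zero byte is always written inside out.
 * Returns the trimmed length, or -1 if it does not fit in out. */
static int copy_trimmed(const char *start, const char *end,
                        char *out, size_t outlen)
{
    while (start < end && *start == ' ')
        start++;
    while (end > start && end[-1] == ' ')
        end--;
    size_t len = (size_t)(end - start);
    if (len + 1 > outlen)
        return -1;
    memcpy(out, start, len);
    out[len] = '\0';
    return (int)len;
}

/* Split a string DN into components. Returns the component count, or -1 if
 * the DN is malformed: a component without '=', an empty attribute type, a
 * trailing comma, or more than max_out components. An empty DN yields 0; an
 * empty or all-space value is accepted and stored as "". */
int parse_string_dn(const char *dn, struct dn_component *out, int max_out)
{
    const char *p = dn;
    const char *dn_end = dn + strlen(dn);
    int n = 0;

    if (p == dn_end)
        return 0;
    for (;;) {
        const char *comma = memchr(p, ',', (size_t)(dn_end - p));
        const char *comp_end = comma ? comma : dn_end;
        const char *eq = memchr(p, '=', (size_t)(comp_end - p));

        if (eq == NULL || n >= max_out)
            return -1;
        if (copy_trimmed(p, eq, out[n].attr, sizeof out[n].attr) <= 0)
            return -1;                  /* "  =foo": no attribute type */
        if (copy_trimmed(eq + 1, comp_end, out[n].value, sizeof out[n].value) < 0)
            return -1;                  /* value too long for the buffer */
        n++;
        if (comma == NULL)
            return n;
        p = comma + 1;                  /* equals dn_end on a trailing comma */
    }
}

/* Number of components in dn, or -1 if malformed. */
int dn_component_count(const char *dn)
{
    struct dn_component c[DN_MAX_COMPONENTS];
    return parse_string_dn(dn, c, DN_MAX_COMPONENTS);
}

/* 1 if component idx of dn is exactly attr/value after trimming, else 0. */
int dn_component_is(const char *dn, int idx, const char *attr, const char *value)
{
    struct dn_component c[DN_MAX_COMPONENTS];
    int n = parse_string_dn(dn, c, DN_MAX_COMPONENTS);
    if (n < 0 || idx >= n)
        return 0;
    return strcmp(c[idx].attr, attr) == 0 && strcmp(c[idx].value, value) == 0;
}

int main(void)
{
    /* Constructed samples: a padded valid DN, an all-space value, and two
     * malformed DNs that the parser rejects rather than mis-parses. */
    const char *samples[] = {
        "  cn = Alice ,  ou =  People ,dc=example, dc=com",
        "cn=     ",
        "   =Alice,dc=example",
        "cn=Alice,",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct dn_component c[DN_MAX_COMPONENTS];
        int n = parse_string_dn(samples[i], c, DN_MAX_COMPONENTS);
        printf("%-50s -> %d component(s)\n", samples[i], n);
        for (int j = 0; j < n; j++)
            printf("    [%s] = [%s]\n", c[j].attr, c[j].value);
    }
    return 0;
}
```

The point to carry over to any real parser is the pair of conditions `start < end` and `end > start`: every read and the final terminator write are provably inside the caller's span, so no DN string, however padded, can move the write to a negative offset from the buffer.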

Patch Availability

Patches addressing both these issues have been posted to:

https://www.samba.org/samba/security/

Additionally, Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) have
been issued as security releases to correct the defect. Samba administrators
are advised to upgrade to these releases or apply the patch as soon as possible.

CVSSv3 calculation

CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5)

Workaround and mitigation

None.

Credits

Found and fixed by Douglas Bagnall of Catalyst and the Samba Team,
using Honggfuzz.

Advisory written by Douglas Bagnall.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
