7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.005 Low
EPSS
Percentile
75.0%
A string in an LDAP attribute that contains multiple consecutive
leading spaces can lead to a memmove() of out of bounds memory in
ldb_handler_fold().
ldb_handler_fold() is used by case insensitive strings - that is most
string attributes - in Active Directory.
As the search expression is normalised prior to matching any potential
objects this in turn may crash the LDAP server process
handling the request. It may be possible to leak the out of bounds
memory by matching against it, but this is thought to be unlikely.
Patches addressing both these issues have been posted to:
https://www.samba.org/samba/security/
Additionally, Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) have
been issued as security releases to correct the defect. Samba administrators
are advised to upgrade to these releases or apply the patch as soon as possible.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H (7.1)
To disable the LDAP server set ‘server services = -ldap’ in the
smb.conf and restart Samba. This will substantially reduce the
utility of the AD DC.
Found with the help of Honggfuzz.
Originally reported by Douglas Bagnall of Catalyst and the Samba Team.
Patches provided by and advisory written by Douglas Bagnall and
Andrew Bartlett of Catalyst and the Samba team.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.005 Low
EPSS
Percentile
75.0%