CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
78.5%
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x
before 4.11.5 have an issue where if it is set with “log level = 3” (or
above) then the string obtained from the client, after a failed character
conversion, is printed. Such strings can be provided during the NTLMSSP
authentication exchange. In the Samba AD DC in particular, this may cause a
long-lived process(such as the RPC server) to terminate. (In the file
server case, the most likely target, smbd, operates as process-per-client
and so a crash there is harmless).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | samba | < 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 | UNKNOWN |
ubuntu | 19.04 | noarch | samba | < 2:4.10.0+dfsg-0ubuntu2.8 | UNKNOWN |
ubuntu | 19.10 | noarch | samba | < 2:4.10.7+dfsg-0ubuntu2.4 | UNKNOWN |
ubuntu | 20.04 | noarch | samba | < 2:4.11.5+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 20.10 | noarch | samba | < 2:4.11.5+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | samba | < 2:4.11.5+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | samba | < 2:4.11.5+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | samba | < 2:4.11.5+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | samba | < 2:4.11.5+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | samba | < 2:4.11.5+dfsg-1ubuntu1 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
78.5%