Mageia: 2020-0289 Moderate: Samba Remote Code Execution Advisory
mageia
July 10, 2020
Updated samba packages fix security vulnerabilities: Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries
Summary
Updated samba packages fix security vulnerabilities:
Andrew Bartlett discovered that Samba incorrectly handled certain LDAP
queries. A remote attacker could use this issue to cause Samba to crash,
resulting in a denial of service, or possibly execute arbitrary code
(CVE-2020-10730).
Douglas Bagnall discovered that Samba incorrectly handled certain queries.
A remote attacker could possibly use this issue to cause a denial of
service (CVE-2020-10745).
Andrei Popa discovered that Samba incorrectly handled certain LDAP
queries. A remote attacker could use this issue to cause Samba to crash,
resulting in a denial of service, or possibly execute arbitrary code
(CVE-2020-10760).
The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process further
requests once it receives a empty (zero-length) UDP packet to port 137
(CVE-2020-14303).
References
- https://bugs.mageia.org/show_bug.cgi?id=26893
-
-
-
-
-
- https://ubuntu.com/security/notices/USN-4409-1
- https://www.cve.org/CVERecord?id=CVE-2020-10730
- https://www.cve.org/CVERecord?id=CVE-2020-10745
- https://www.cve.org/CVERecord?id=CVE-2020-10760
- https://www.cve.org/CVERecord?id=CVE-2020-14303
Topics Covered
Resolution
SRPMS
- 7/core/ldb-1.5.8-1.mga7
- 7/core/samba-4.10.17-1.mga7
PREVIOUS
NEXT
Publication date: 10 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0289.html
Type: security
CVE: CVE-2020-10730,
CVE-2020-10745,
CVE-2020-10760,
CVE-2020-14303
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!