Unrated severity · NVD Advisory · Published May 6, 2020 · Updated Aug 4, 2024
CVE-2020-10704
Description
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
Affected products
25 entries. osv-coords: 24 versions
- pkg:rpm/opensuse/ldb&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 2.0.12-lp152.2.3.1
- pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 4.9.5+git.317.6d82fb3918b-lp151.2.24.1
- pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 4.11.11+git.180.2cf3b203f07-lp152.3.3.1
- pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed (no CPE), range: < 4.14.6+git.182.2205d5224e3-1.1
- pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 2.0.12-3.3.1
- pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 1.5.8-3.5.1
- pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 1.5.8-3.5.1
- pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 1.5.8-3.5.1
- pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%206 (no CPE), range: < 4.9.5+git.317.6d82fb3918b-3.35.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5 (no CPE), range: < 4.10.17+git.203.862547088ca-3.14.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015 (no CPE), range: < 4.7.11+git.231.7f324c4d89e-4.40.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1 (no CPE), range: < 4.9.5+git.317.6d82fb3918b-3.35.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2 (no CPE), range: < 4.11.11+git.180.2cf3b203f07-4.5.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE), range: < 4.7.11+git.231.7f324c4d89e-4.40.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE), range: < 4.7.11+git.231.7f324c4d89e-4.40.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE), range: < 4.9.5+git.317.6d82fb3918b-3.35.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 4.11.11+git.180.2cf3b203f07-4.5.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1 (no CPE), range: < 4.9.5+git.317.6d82fb3918b-3.35.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP2 (no CPE), range: < 4.11.11+git.180.2cf3b203f07-4.5.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 4.10.17+git.203.862547088ca-3.14.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE), range: < 4.7.11+git.231.7f324c4d89e-4.40.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 4.10.17+git.203.862547088ca-3.14.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE), range: < 4.7.11+git.231.7f324c4d89e-4.40.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 4.10.17+git.203.862547088ca-3.14.1
- Red Hat/samba (v5), range: All versions before 4.10.15
Patches
No patches discovered yet.
References
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html (mitre, vendor-advisory)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/ (mitre, vendor-advisory)
- security.gentoo.org/glsa/202007-15 (mitre, vendor-advisory)
- lists.debian.org/debian-lts-announce/2020/11/msg00041.html (mitre, mailing-list)
- bugzilla.redhat.com/show_bug.cgi (mitre)
- www.samba.org/samba/security/CVE-2020-10704.html (mitre)