CVE-2020-14303

Description

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

Related CPE's

asambasamba********

asambasamba********

asambasamba********

ofedoraprojectfedora31*******

oopensuseleap15.1*******

oopensuseleap15.2*******

odebiandebian_linux9.0*******

ocanonicalubuntu_linux18.04***lts***

ocanonicalubuntu_linux14.04***esm***

ocanonicalubuntu_linux20.04***lts***

References

https://bugzilla.redhat.com/show_bug.cgi?id=1851298;

Issue TrackingThird Party Advisory

https://www.samba.org/samba/security/CVE-2020-14303.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20200709-0003/

Third Party Advisory

FEDORA-2020-5131d30947

Mailing ListThird Party Advisory

openSUSE-SU-2020:0984

Mailing ListThird Party Advisory

openSUSE-SU-2020:1023

Mailing ListThird Party Advisory

GLSA-202007-15

Third Party Advisory

USN-4454-2

Third Party Advisory

USN-4454-1

Third Party Advisory

openSUSE-SU-2020:1313

Mailing ListThird Party Advisory

[debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update

Mailing ListThird Party Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

7.5

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

PARTIAL

IntegrityImpact

NONE

BaseScore

5

VectorString

AV:N/AC:L/Au:N/C:N/I:N/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io