Samba has released software updates to fix four security vulnerabilities that impact Samba products. A remote attacker could take advantage of these bugs and exploit unpatched systems.
Samba software is used for file and print services for all clients using the SMB/CIFS protocol. Samba is used to seamlessly integrate Linux/Unix systems into Windows Active Directory environments.
The latest Samba security updates, 4.10.17, 4.11.11, and 4.12.4, address four vulnerabilities: CVE-2020-10730, CVE-2020-10745, CVE-2020-10760 and CVE-2020-14303.
CVE-2020-10730
One of the security updates addresses a NULL pointer dereference and use-after-free vulnerability, CVE-2020-10730, in the Samba AD DC LDAP server with ASQ, VLV and paged_results.
According to Samba, “A client combining the ‘ASQ’ and ‘VLV’ LDAP controls can cause a NULL pointer de-reference and further combinations with the LDAP paged_results feature can give a use-after-free in Samba’s AD DC LDAP server.”
The issue is rated Medium severity and has a CVSS score of 6.5.
CVE-2020-10745
The second update fixes CVE-2020-10745, a vulnerability in which parsing and packing of NBT and DNS packets can consume excessive CPU in the AD DC (only).
According to Samba, “compression of replies to NetBIOS over TCP/IP name resolution and DNS packets (which can be supplied as UDP requests) can be abused to consume excessive amounts of CPU on the Samba AD DC (only).”
The issue is rated High severity and has a CVSS score of 7.5.
CVE-2020-10760
The third update fixes an LDAP use-after-free vulnerability, CVE-2020-10760, in the Samba AD DC Global Catalog with paged_results and VLV.
The issue is rated Medium severity and has a CVSS score of 6.5.
CVE-2020-14303
Finally, the fourth update addresses an empty UDP packet DoS vulnerability, CVE-2020-14303, in the Samba AD DC nbtd.
According to Samba, “the AD DC NBT server in Samba 4.0 will enter a CPU spin and not process further requests once it receives an empty (zero-length) UDP packet to port 137.”
The issue is rated High severity and has a CVSS score of 7.5.
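To check a fleet against the fixed releases listed above, the following added example (not from Samba or the original article) classifies version strings, such as the output of `smbd --version`, and lists AD DC hosts first, since all four issues are described in AD DC components. The host names and inventory are constructed sample data, and the check assumes the upstream version number is accurate; distribution packages may backport fixes without changing it.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release branch.
FIXED = {(4, 10): 17, (4, 11): 11, (4, 12): 4}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Version 4.11.6-Ubuntu'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(text):
    """Return 'patched', 'needs-update', or 'unlisted' (branch not named in the article)."""
    major, minor, patch = parse_version(text)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unlisted"  # the article gives no fixed release for this branch
    # Assumption: upstream numbering; vendor backports must be checked separately.
    return "patched" if patch >= fixed_patch else "needs-update"


def audit(inventory):
    """inventory: {host: (version_text, is_ad_dc)} -> rows sorted by urgency."""
    rows = [(host, classify(text), is_dc) for host, (text, is_dc) in inventory.items()]
    rank = {"needs-update": 0, "unlisted": 1, "patched": 2}
    # Within each status, AD DCs sort first because the flaws are in AD DC services.
    rows.sort(key=lambda row: (rank[row[1]], not row[2], row[0]))
    return rows


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = {
    "dc01": ("Version 4.11.6-Ubuntu", True),
    "dc02": ("Version 4.12.4", True),
    "fs01": ("Version 4.10.16", False),
    "fs02": ("Version 4.9.5-Debian", False),
}

if __name__ == "__main__":
    for host, status, is_dc in audit(SAMPLE_INVENTORY):
        role = "AD DC" if is_dc else "member/file server"
        print(f"{host:6} {role:18} {status}")
```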