[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250108

 
 

909

 
 

196064

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2020-10704Date: (C)2020-05-07   (M)2023-12-22


A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: HIGH 
  
Reference:
FEDORA-2020-9cf0b1c8f1
FEDORA-2020-e244c98af5
GLSA-202007-15
https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10704
https://www.samba.org/samba/security/CVE-2020-10704.html
openSUSE-SU-2020:1023
openSUSE-SU-2020:1313

CPE    2
cpe:/o:debian:debian_linux:9.0
cpe:/a:samba:samba
CWE    1
CWE-674
OVAL    18
oval:org.secpod.oval:def:89003015
oval:org.secpod.oval:def:70117
oval:org.secpod.oval:def:70118
oval:org.secpod.oval:def:63490
...

© SecPod Technologies