VID 23312
Severity 30
Port 139
Protocol TCP
Class Samba
Detailed Description The version of Samba running on the remote host is 4.11.x prior to 4.11.8. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists related to handling 'ASQ' and 'Paged Results' LDAP controls that could allow use-after-free conditions having unspecified impact. (CVE-2020-10700)

- A flaw exists related to handling deeply nested filters, unauthenticated LDAP searches, and stack memory that could allow application crashes. (CVE-2020-10704)

* References:
https://www.samba.org/samba/security/CVE-2020-10700.html
https://www.samba.org/samba/security/CVE-2020-10704.html

* Platforms Affected:
Samba Project, Samba versions 4.11.x before 4.11.8
Linux Any version
Unix Any version
Recommendation Upgrade to Samba 4.11.8 or later, available from the Samba Web site at https://www.samba.org/samba/download/
Related URL CVE-2020-10700, CVE-2020-10704 (CVE)