CVE-2020-10704
First published: Wed May 06 2020(Updated: )
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba | >=4.0.0<4.10.15 | |
| Samba | >=4.11.0<4.11.8 | |
| Samba | >=4.12.0<4.12.2 | |
| Fedora | =30 | |
| Fedora | =31 | |
| openSUSE | =15.2 | |
| Debian | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10704
- https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/
- https://security.gentoo.org/glsa/202007-15
- https://www.samba.org/samba/security/CVE-2020-10704.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/
Frequently Asked Questions
What is the severity of CVE-2020-10704?
CVE-2020-10704 has a severity rating that indicates a high risk for denial of service due to a stack overflow vulnerability.
How do I fix CVE-2020-10704?
To fix CVE-2020-10704, you should upgrade your Samba installation to a version that is not affected, such as Samba 4.10.15 or later.
What software is affected by CVE-2020-10704?
CVE-2020-10704 affects various versions of Samba along with specific Fedora and openSUSE releases.
What kind of attack does CVE-2020-10704 enable?
CVE-2020-10704 allows an unauthorized user to cause a stack overflow, potentially leading to a denial of service attack.
Is there a workaround for CVE-2020-10704?
There are no known effective workarounds for CVE-2020-10704, and upgrading the software is the recommended approach to mitigate the vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/samba
- canonical/samba
- version/samba/4.0.0
- version/samba/4.11.0
- version/samba/4.12.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/30
- version/fedora/31
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.2
- vendor/debian
- canonical/debian
- version/debian/9.0