CVE-2020-10730: Use After Free
First published: Mon Jun 22 2020(Updated: )
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba Samba | >=4.5.0<4.10.17 | |
| Samba Samba | >=4.11.0<4.11.11 | |
| Samba Samba | >=4.12.0<4.12.4 | |
| Redhat Storage | =3.0 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 | |
| Fedoraproject Fedora | =31 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| ubuntu/samba | <2:4.11.6+dfsg-0ubuntu1.3 | 2:4.11.6+dfsg-0ubuntu1.3 |
| ubuntu/samba | <2:4.7.6+dfsg~ubuntu-0ubuntu2.17 | 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 |
| ubuntu/samba | <2:4.10.7+dfsg-0ubuntu2.6 | 2:4.10.7+dfsg-0ubuntu2.6 |
| ubuntu/samba | <4.10.17<4.11.10<4.12.4 | 4.10.17 4.11.10 4.12.4 |
| redhat/samba | <4.10.17 | 4.10.17 |
| redhat/samba | <4.11.11 | 4.11.11 |
| redhat/samba | <4.12.4 | 4.12.4 |
| debian/ldb | 2:1.5.1+really1.4.6-3+deb10u1 2:2.2.3-2~deb11u2 | |
| debian/samba | <=2:4.9.5+dfsg-5+deb10u3<=2:4.9.5+dfsg-5+deb10u4 | 2:4.13.13+dfsg-1~deb11u5 2:4.17.12+dfsg-0+deb12u1 2:4.19.4+dfsg-3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1849489;
- https://www.samba.org/samba/security/CVE-2020-10730.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
- https://security.gentoo.org/glsa/202007-15
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
- https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
- https://www.debian.org/security/2021/dsa-4884
- https://launchpad.net/bugs/cve/CVE-2020-10730
- https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/
- https://access.redhat.com/security/cve/CVE-2020-10700
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1853255
- https://github.com/samba-team/samba/commit/d8b9bb274b7e7a390cf3bda9cd732cb2227bdbde
- https://access.redhat.com/errata/RHSA-2020:3119
- https://access.redhat.com/errata/RHSA-2020:3118
- https://access.redhat.com/security/cve/cve-2020-10730
- https://access.redhat.com/errata/RHSA-2020:4568
- https://bugzilla.redhat.com/show_bug.cgi?id=1849489
- https://bugzilla.samba.org/show_bug.cgi?id=14364
- https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0
- https://security-tracker.debian.org/tracker/CVE-2020-10730
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10730
- https://ubuntu.com/security/notices/USN-4409-1
- https://nvd.nist.gov/vuln/detail/CVE-2020-10730
- https://ubuntu.com/security/CVE-2020-10730
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-10730.
What is the severity of CVE-2020-10730?
The severity of CVE-2020-10730 is medium with a severity value of 6.5.
Which versions of Samba are affected by CVE-2020-10730?
Versions before 4.10.17, before 4.11.11, and before 4.12.4 of Samba are affected by CVE-2020-10730.
Which operating systems are affected by CVE-2020-10730?
Operating systems such as Red Hat Enterprise Linux, Ubuntu, openSUSE Leap, Fedora, and Debian Debian Linux are affected by CVE-2020-10730.
Where can I find more information about CVE-2020-10730?
You can find more information about CVE-2020-10730 at the following references: [Link 1](http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html), [Link 2](http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html), [Link 3](http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-10730
- collector/security-tracker-debian
- source/Debian
- collector/usn-cve
- source/Ubuntu
- vendor/samba
- canonical/samba samba
- version/samba samba/4.5.0
- version/samba samba/4.11.0
- version/samba samba/4.12.0
- vendor/redhat
- canonical/redhat storage
- version/redhat storage/3.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- package-manager/redhat
- package-manager/debian
- package-manager/ubuntu