CVE-2020-14383
First published: Thu Oct 29 2020(Updated: )
A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/samba | <4.11.15 | 4.11.15 |
| redhat/samba | <4.12.9 | 4.12.9 |
| redhat/samba | <4.13.1 | 4.13.1 |
| Samba Samba | >=4.0.0<4.11.15 | |
| Samba Samba | >=4.12.0<4.12.9 | |
| Samba Samba | >=4.13.0<4.13.1 | |
| Redhat Enterprise Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.samba.org/samba/security/CVE-2020-14383.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1892640
- https://git.samba.org/?p=samba.git;a=commit;h=4cbf95e731b39b2dbfec02f33fd6b195d0b0f7a8
- https://git.samba.org/?p=samba.git;a=commit;h=862d6fb6f3235126c96683516c12a284bcf84901
- https://git.samba.org/?p=samba.git;a=commit;h=2d7d1dff7d20d5b06ff50452e7f714af9f6a109e
- https://git.samba.org/?p=samba.git;a=commit;h=425c31a599bb96c7d01273fc50b682bc42dbed57
- https://git.samba.org/?p=samba.git;a=commit;h=2632e8ebae826a7305fe7d3948ee28b77d2ffbc0
- https://git.samba.org/?p=samba.git;a=commit;h=8e09649351e9e8143b4bd0b76bcbd2cfb4d2f281
- https://bugzilla.redhat.com/show_bug.cgi?id=1892636
- https://security.gentoo.org/glsa/202012-24
- https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
Frequently Asked Questions
What is CVE-2020-14383?
CVE-2020-14383 is a vulnerability found in Samba's DNS server that allows an authenticated user to crash the RPC server.
How does CVE-2020-14383 affect Samba?
CVE-2020-14383 affects Samba versions 4.0.0 to 4.11.15, 4.12.0 to 4.12.9, and 4.13.0 to 4.13.1.
What is the severity of CVE-2020-14383?
CVE-2020-14383 has a severity rating of 6.5 (medium).
How can an authenticated user exploit CVE-2020-14383?
An authenticated user can exploit CVE-2020-14383 by using the vulnerability to crash the RPC server.
Are there any remedies available for CVE-2020-14383?
Yes, updating Samba to versions 4.11.15, 4.12.9, or 4.13.1 will address the vulnerability.
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14383
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/samba
- canonical/samba samba
- version/samba samba/4.0.0
- version/samba samba/4.12.0
- version/samba samba/4.13.0
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- package-manager/redhat