Synology-SA-20:17 Samba AD DC

Publish Time: 2020-07-06 18:34:08 UTC+8

Last Updated: 2021-04-12 15:06:21 UTC+8

Severity: Moderate

Status: Resolved

Abstract

CVE-2020-10745 and CVE-2020-14303 allow remote attackers to conduct denial-of-service attacks via a susceptible version of Synology Directory Server.

None of Synology's products are affected by CVE-2020-10730 or CVE-2020-10760 as these vulnerabilities only affect Samba 4.5.0 and later.

Affected Products

Product: Synology Directory Server
Severity: Moderate
Fixed Release Availability: Upgrade DSM to 6.2.4-25513 or above.

Mitigation

None

Detail

  • CVE-2020-10745

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
    • A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBIOS over TCP/IP. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
  • CVE-2020-14303

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
    • A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A Samba user could send an empty UDP packet to cause the Samba server to crash.
  • CVE-2020-10730

    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N/E:P/RL:O/RC:C
    • A NULL pointer dereference or possible use-after-free flaw was found in the Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
  • CVE-2020-10760

    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N/E:P/RL:O/RC:C
    • A use-after-free flaw was found in all Samba LDAP server versions before 4.10.17, before 4.11.11 and before 4.12.4 used in an AD DC configuration. A Samba LDAP user could use this flaw to crash Samba.
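
The fixed versions above are per maintenance branch, so a naive "is it lower than 4.12.4" comparison would wrongly flag a patched 4.11.11 server and wrongly clear an unpatched 4.12.3 one. The following is an added example (not Synology's or Samba's code) of a branch-aware scoping check built from the version lines in this advisory; it assumes the input is a Samba version banner such as the output of `smbd --version`.

```python
# Added example (not Synology's or Samba's code): branch-aware check of a Samba
# version against the fixed releases named in this advisory. Assumption: the
# input is a version banner such as "Version 4.11.9", possibly carrying a
# vendor suffix like "4.11.9-Ubuntu".
import re

# Fixed release on each maintained branch, taken from the advisory text. A branch
# older than any listed one (e.g. 4.9.x) never received the fix and stays affected.
FIXED = {(4, 10): (4, 10, 17), (4, 11): (4, 11, 11), (4, 12): (4, 12, 4)}
OLDEST_FIXED_BRANCH = min(FIXED)  # (4, 10)

# Per the advisory, CVE-2020-10730 and CVE-2020-10760 only exist in 4.5.0 and later.
AD_LDAP_CVES = {"CVE-2020-10730", "CVE-2020-10760"}
NBT_CVES = {"CVE-2020-10745", "CVE-2020-14303"}


def parse_version(text):
    """Extract (major, minor, patch) from a Samba version banner."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_unfixed(v):
    """True when v predates the fix on its own branch (branch-aware compare)."""
    branch = v[:2]
    if branch in FIXED:
        return v < FIXED[branch]
    # Branches newer than 4.12 were released after the fix; older ones never got it.
    return branch < OLDEST_FIXED_BRANCH


def affected_cves(text):
    """Return the set of CVEs from this advisory that apply to the given version."""
    v = parse_version(text)
    if not is_unfixed(v):
        return set()
    cves = set(NBT_CVES)
    if v >= (4, 5, 0):
        cves |= AD_LDAP_CVES
    return cves


if __name__ == "__main__":
    for banner in ("Version 4.11.11", "Version 4.12.3", "Version 4.4.16"):
        print(banner, "->", sorted(affected_cves(banner)) or "not affected")
```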

Reference

Revision

Revision  Date        Description
1         2020-07-06  Initial public release.
2         2021-02-23  Update for Synology Directory Server is now available in Affected Products.
3         2021-04-12  Disclosed vulnerability details.