CVSS: 10.0EPSS: 43%CPEs: 25EXPL: 32CVE-2020-1472 – Microsoft Netlogon Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. • https://www.exploit-db.com/exploits/49071 https://github.com/SecuraBV/CVE-2020-1472 https://github.com/dirkjanm/CVE-2020-1472 https://github.com/VoidSec/CVE-2020-1472 https://github.com/k8gege/CVE-2020-1472-EXP https://github.com/cube0x0/CVE-2020-1472 https://github.com/sv3nbeast/CVE-2020-1472 https://github.com/thatonesecguy/zerologon-CVE-2020-1472 https://github.com/CanciuCostin/CVE-2020-1472 https://github.com/0xkami/CVE-2020-1472 https://github.com/striveben&#x • CWE-287: Improper Authentication CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2020-14303
https://notcve.org/view.php?id=CVE-2020-14303
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. Se encontró un fallo en el servidor AD DC NBT en todas las versiones de Samba anteriores a 4.10.17, anteriores a 4.11.11 y anteriores a 4.12.4. Un usuario de samba podría enviar un paquete UDP vacío para hacer que el servidor de samba se bloquee • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html https://bugzilla.redhat.com/show_bug.cgi?id=1851298%3B https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2 https://security.gentoo.org/glsa/202007- • CWE-834: Excessive Iteration •
CVSS: 7.8EPSS: 2%CPEs: 7EXPL: 0CVE-2020-10745
https://notcve.org/view.php?id=CVE-2020-10745
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability. Se encontró un fallo en todas las versiones de Samba anteriores a 4.10.17, anteriores a 4.11.11 y anteriores a 4.12.4 en la manera en que procesaba NetBios sobre TCP/IP. Este fallo permite a un atacante remoto poder causar que el servidor Samba consuma un uso excesivo de la CPU, resultando en una denegación de servicio. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html https://bugzilla.redhat.com/show_bug.cgi?id=1849491%3B https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2 https://security.gentoo.org/glsa/202007- • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-10730 – samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results
https://notcve.org/view.php?id=CVE-2020-10730
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. Se encontró una desreferencia del puntero NULL, o un posible fallo de uso de la memoria previamente liberada en el servidor LDAP de Samba AD en versiones anteriores a 4.10.17, anteriores a 4.11.11 y anteriores a 4.12.4. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-10760
https://notcve.org/view.php?id=CVE-2020-10760
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. Se encontró un fallo de uso de la memoria previamente liberada en todas las versiones del servidor LDAP de samba anteriores a 4.10.17, anteriores a 4.11.11, anteriores a 4.12.4, usado en una configuración AC DC. Un usuario del LDAP de Samba podría usar este fallo para bloquear samba • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html https://bugzilla.redhat.com/show_bug.cgi?id=1849509%3B https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2 https://security.gentoo.org/glsa/202007- • CWE-416: Use After Free •