CVE-2020-10745
Ubuntu Security Notice USN-4409-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.
Se encontró un fallo en todas las versiones de Samba anteriores a 4.10.17, anteriores a 4.11.11 y anteriores a 4.12.4 en la manera en que procesaba NetBios sobre TCP/IP. Este fallo permite a un atacante remoto poder causar que el servidor Samba consuma un uso excesivo de la CPU, resultando en una denegación de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema
Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS. Douglas Bagnall discovered that Samba incorrectly handled certain queries. A remote attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-20 CVE Reserved
- 2020-07-02 CVE Published
- 2024-08-04 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1849491%3B | X_refsource_misc | |
| https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.0.0 < 4.10.17 Search vendor "Samba" for product "Samba" and version " >= 4.0.0 < 4.10.17" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.11.0 < 4.11.11 Search vendor "Samba" for product "Samba" and version " >= 4.11.0 < 4.11.11" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.12.0 < 4.12.4 Search vendor "Samba" for product "Samba" and version " >= 4.12.0 < 4.12.4" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||