NEWS[4.12.4]: Samba 4.12.4, 4.11.11 and 4.10.17 Security Releases Available
authorKarolin Seeger <kseeger@samba.org>
Thu, 25 Jun 2020 10:59:55 +0000 (12:59 +0200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 2 Jul 2020 08:25:00 +0000 (10:25 +0200)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
history/header_history.html
history/samba-4.10.17.html [new file with mode: 0644]
history/samba-4.11.11.html [new file with mode: 0644]
history/samba-4.12.4.html [new file with mode: 0644]
history/security.html
posted_news/20200702-080358.4.12.4.body.html [new file with mode: 0644]
posted_news/20200702-080358.4.12.4.headline.html [new file with mode: 0644]
security/CVE-2020-10730.html [new file with mode: 0644]
security/CVE-2020-10745.html [new file with mode: 0644]
security/CVE-2020-10760.html [new file with mode: 0644]
security/CVE-2020-14303.html [new file with mode: 0644]

index b0fbbabaf3a43d27dd7c9a2403d8cd1ded471a5a..f9836a4b14bd310965c26284c2aabdf629a5b456 100755 (executable)
@@ -9,10 +9,12 @@
                <li><a href="/samba/history/">Release Notes</a>
                <li class="navSub">
                        <ul>
+                       <li><a href="samba-4.12.4.html">samba-4.12.4</a></li>
                        <li><a href="samba-4.12.3.html">samba-4.12.3</a></li>
                        <li><a href="samba-4.12.2.html">samba-4.12.2</a></li>
                        <li><a href="samba-4.12.1.html">samba-4.12.1</a></li>
                        <li><a href="samba-4.12.0.html">samba-4.12.0</a></li>
+                       <li><a href="samba-4.11.11.html">samba-4.11.11</a></li>
                        <li><a href="samba-4.11.10.html">samba-4.11.10</a></li>
                        <li><a href="samba-4.11.9.html">samba-4.11.9</a></li>
                        <li><a href="samba-4.11.8.html">samba-4.11.8</a></li>
@@ -24,6 +26,7 @@
                        <li><a href="samba-4.11.2.html">samba-4.11.2</a></li>
                        <li><a href="samba-4.11.1.html">samba-4.11.1</a></li>
                        <li><a href="samba-4.11.0.html">samba-4.11.0</a></li>
+                       <li><a href="samba-4.10.17.html">samba-4.10.17</a></li>
                        <li><a href="samba-4.10.16.html">samba-4.10.16</a></li>
                        <li><a href="samba-4.10.15.html">samba-4.10.15</a></li>
                        <li><a href="samba-4.10.14.html">samba-4.10.14</a></li>
diff --git a/history/samba-4.10.17.html b/history/samba-4.10.17.html
new file mode 100644 (file)
index 0000000..6e08059
--- /dev/null
@@ -0,0 +1,83 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.10.17 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.10.17 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.10.17.tar.gz">Samba 4.10.17 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.10.17.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.10.16-4.10.17.diffs.gz">Patch (gzipped) against Samba 4.10.16</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.10.16-4.10.17.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.10.17
+                            July 02, 2020
+                   ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC
+                 LDAP Server with ASQ, VLV and paged_results.
+o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
+                 excessive CPU
+o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
+                 paged_results and VLV.
+o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
+
+
+=======
+Details
+=======
+
+o  CVE-2020-10730:
+   A client combining the &apos;ASQ&apos; and &apos;VLV&apos; LDAP controls can cause a NULL pointer
+   de-reference and further combinations with the LDAP paged_results feature can
+   give a use-after-free in Samba&apos;s AD DC LDAP server.
+
+o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
+   excessive CPU.
+
+o  CVE-2020-10760:
+   The use of the paged_results or VLV controls against the Global Catalog LDAP
+   server on the AD DC will cause a use-after-free.
+
+o  CVE-2020-14303:
+   The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
+   further requests once it receives an empty (zero-length) UDP packet to
+   port 137.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.10.16
+---------------------
+
+o  Douglas Bagnall &lt;douglas.bagnall@catalyst.net.nz&gt;
+   * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
+     several seconds of CPU each.
+
+o  Andrew Bartlett &lt;abartlet@samba.org&gt;
+   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
+     and VLV combined.
+   * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
+     server with paged_result or VLV.
+   * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
+     AD DC nbt_server.
+
+o  Gary Lockyer &lt;gary@catalyst.net.nz&gt;
+   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
+     and VLV combined, ldb: Bump version to 1.5.8.
+
+
+</pre>
+</p>
+</body>
+</html>
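Review bot: the `<pre>` block is wrapped in `<p>` ... `</p>` (lines `+<p>` / `+<pre>` through `+</pre>` / `+</p>`), which is not valid under the declared XHTML 1.0 Transitional DOCTYPE because `<pre>` is a block-level element and cannot be a child of `<p>`; drop the wrapping `<p>` or close it before the `<pre>`. In the same page the unclosed `<br>` after the tarball link should be `<br />` for XHTML. On the wording side, the CVE-2020-14303 detail "The AD DC NBT server in Samba 4.0 will enter a CPU spin" reads as if only 4.0 were affected, while the accompanying advisory lists all versions since 4.0.0; "since Samba 4.0" would match.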
diff --git a/history/samba-4.11.11.html b/history/samba-4.11.11.html
new file mode 100644 (file)
index 0000000..323e0d3
--- /dev/null
@@ -0,0 +1,83 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.11.11 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.11.11 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.11.11.tar.gz">Samba 4.11.11 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.11.11.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.11.10-4.11.11.diffs.gz">Patch (gzipped) against Samba 4.11.10</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.11.10-4.11.11.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.11.11
+                            July 02, 2020
+                  ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC
+                 LDAP Server with ASQ, VLV and paged_results.
+o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
+                 excessive CPU
+o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
+                 paged_results and VLV.
+o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
+
+
+=======
+Details
+=======
+
+o  CVE-2020-10730:
+   A client combining the &apos;ASQ&apos; and &apos;VLV&apos; LDAP controls can cause a NULL pointer
+   de-reference and further combinations with the LDAP paged_results feature can
+   give a use-after-free in Samba&apos;s AD DC LDAP server.
+
+o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
+   excessive CPU.
+
+o  CVE-2020-10760:
+   The use of the paged_results or VLV controls against the Global Catalog LDAP
+   server on the AD DC will cause a use-after-free.
+
+o  CVE-2020-14303:
+   The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
+   further requests once it receives an empty (zero-length) UDP packet to
+   port 137.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.11.10
+---------------------
+
+o  Douglas Bagnall &lt;douglas.bagnall@catalyst.net.nz&gt;
+   * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
+     several seconds of CPU each.
+
+o  Andrew Bartlett &lt;abartlet@samba.org&gt;
+   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
+     and VLV combined.
+   * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
+     server with paged_result or VLV.
+   * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
+     AD DC nbt_server.
+
+o  Gary Lockyer &lt;gary@catalyst.net.nz&gt;
+   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
+     and VLV combined, ldb: Bump version to 2.1.4.  
+
+
+</pre>
+</p>
+</body>
+</html>
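Review bot: the closing rule of the release banner is misaligned; `+                  ===============================` is indented one column less than the title and the opening rule above it, so the box renders lopsided inside `<pre>`. There is also trailing whitespace on `+     and VLV combined, ldb: Bump version to 2.1.4.  `. The same `<p>` around `<pre>` nesting and bare `<br>` as in the 4.10.17 page apply here as well; under XHTML 1.0 Transitional `<pre>` may not sit inside `<p>`.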
diff --git a/history/samba-4.12.4.html b/history/samba-4.12.4.html
new file mode 100644 (file)
index 0000000..df0207f
--- /dev/null
@@ -0,0 +1,83 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.12.4 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.12.4 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.4.tar.gz">Samba 4.12.4 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.4.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.12.3-4.12.4.diffs.gz">Patch (gzipped) against Samba 4.12.3</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.12.3-4.12.4.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.12.4
+                            July 02, 2020
+                  ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC
+                 LDAP Server with ASQ, VLV and paged_results.
+o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
+                 excessive CPU
+o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
+                 paged_results and VLV.
+o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
+
+
+=======
+Details
+=======
+
+o  CVE-2020-10730:
+   A client combining the &apos;ASQ&apos; and &apos;VLV&apos; LDAP controls can cause a NULL pointer
+   de-reference and further combinations with the LDAP paged_results feature can
+   give a use-after-free in Samba&apos;s AD DC LDAP server.
+
+o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
+   excessive CPU.
+
+o  CVE-2020-10760:
+   The use of the paged_results or VLV controls against the Global Catalog LDAP
+   server on the AD DC will cause a use-after-free.
+
+o  CVE-2020-14303:
+   The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
+   further requests once it receives an empty (zero-length) UDP packet to
+   port 137.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.12.3
+--------------------
+
+o  Douglas Bagnall &lt;douglas.bagnall@catalyst.net.nz&gt;
+   * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
+     several seconds of CPU each.
+
+o  Andrew Bartlett &lt;abartlet@samba.org&gt;
+   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
+     and VLV combined.
+   * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
+     server with paged_result or VLV.
+   * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
+     AD DC nbt_server.
+
+o  Gary Lockyer &lt;gary@catalyst.net.nz&gt;
+   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
+     and VLV combined, ldb: Bump version to 2.1.4.  
+   
+
+</pre>
+</p>
+</body>
+</html>
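Review bot: same banner misalignment as the 4.11.11 page; `+                  ==============================` is one column short of the opening rule. The changelog ends with trailing whitespace on `+     and VLV combined, ldb: Bump version to 2.1.4.  ` followed by a whitespace-only line (`+   `) before the blank line; both should be stripped so the three release-notes pages are byte-consistent apart from version strings. The `<p>`-wrapped `<pre>` and unclosed `<br>` noted for 4.10.17 also apply here.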
index c4be49098db262416c6981612cedb4098703e8ef..3a1e6729d46da7dab2564b852674a74d3e2fc47d 100755 (executable)
@@ -26,6 +26,31 @@ link to full release notes for each release.</p>
        <td><em>Details</em></td>
       </tr>
 
+    <tr>
+       <td>02 Jul 2020</td>
+       <td><a href="/samba/ftp/patches/security/samba-4.12.3-security-2020-07-02.patch">
+       patch for Samba 4.12.3</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.11.10-security-2020-07-02.patch">
+       patch for Samba 4.11.10</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.10.16-security-2020-07-02.patch">
+       patch for Samba 4.10.16</a><br />
+       </td>
+       <td>CVE-2020-10730, CVE-2020-10745, CVE-2020-10760 and CVE-2020-14303.
+           Please see announcements for details.
+       </td>
+       <td>Please refer to the advisories.</td>
+       <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10730">CVE-2020-10730</a>,
+       <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10745">CVE-2020-10745</a>,
+       <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10760">CVE-2020-10760</a>,
+       <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14303">CVE-2020-14303</a>.
+       </td>
+       <td><a href="/samba/security/CVE-2020-10730.html">Announcement</a>,
+       <a href="/samba/security/CVE-2020-10745.html">Announcement</a>,
+       <a href="/samba/security/CVE-2020-10760.html">Announcement</a>,
+       <a href="/samba/security/CVE-2020-14303.html">Announcement</a>
+       </td>
+    </tr>
+
     <tr>
        <td>28 Apr 2020</td>
        <td><a href="/samba/ftp/patches/security/samba-4.12.1-security-2020-04-28.patch">
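Review bot: the four links in the last cell all read "Announcement" (`+       <td><a href="/samba/security/CVE-2020-10730.html">Announcement</a>,` and the three that follow), so a reader, and in particular a screen reader, cannot tell which CVE each points to; use the CVE id as the link text, or merge the CVE and Announcement columns so each id links to its advisory. The two middle cells also duplicate each other ("Please see announcements for details." and "Please refer to the advisories."); earlier rows in this table carry a one-line description per CVE, and a short summary here (AD DC LDAP NULL deref/use-after-free, NBT/DNS CPU exhaustion, Global Catalog use-after-free, empty-UDP nbtd spin) would keep the table useful on its own.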
diff --git a/posted_news/20200702-080358.4.12.4.body.html b/posted_news/20200702-080358.4.12.4.body.html
new file mode 100644 (file)
index 0000000..0c0aba8
--- /dev/null
@@ -0,0 +1,42 @@
+<!-- BEGIN: posted_news/20200702-080358.4.12.4.body.html -->
+<h5><a name="4.12.4">02 July 2020</a></h5>
+<p class=headline>Samba 4.12.4, 4.11.11 and 4.10.17 Security Releases Available</p>
+<p>
+These are security releases in order to address
+<a href="/samba/security/CVE-2020-10730.html">CVE-2020-10730</a>
+(NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with
+ASQ, VLV and paged_results).
+<a href="/samba/security/CVE-2020-10745.html">CVE-2020-10745</a>
+(Parsing and packing of NBT and DNS packets can consume excessive CPU).
+<a href="/samba/security/CVE-2020-10760.html">CVE-2020-10760</a>
+(LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV).
+<a href="/samba/security/CVE-2020-14303.html">CVE-2020-14303</a>
+(Empty UDP packet DoS in Samba AD DC nbtd).
+</p>
+<p>
+The uncompressed tarballs have been signed using GnuPG (ID
+6F33915B6568B7EA).</br>
+The 4.12.4 source code can be <a
+href="https://download.samba.org/pub/samba/stable/samba-4.12.4.tar.gz">downloaded
+now</a>.</br>
+A <a
+href="https://download.samba.org/pub/samba/patches/samba-4.12.3-4.12.4.diffs.gz">patch
+against Samba 4.12.3</a> is also available.</br>
+See <a href="https://www.samba.org/samba/history/samba-4.12.4.html">the 4.12.4
+release notes</a> for more info.</br>
+The 4.11.11 source code can be <a
+href="https://download.samba.org/pub/samba/stable/samba-4.11.11.tar.gz">downloaded
+now</a>.</br>
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.11.10-4.11.11.diffs.gz">patch
+against Samba 4.11.10</a> is also available.</br>
+See <a href="https://www.samba.org/samba/history/samba-4.11.11.html">the 4.11.11
+release notes</a> for more info.</br>
+The 4.10.17 source code can be <a
+href="https://download.samba.org/pub/samba/stable/samba-4.10.17.tar.gz">downloaded
+now</a>.</br>
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.10.16-4.10.17.diffs.gz">patch
+against Samba 4.10.16</a> is also available.<br>
+See <a href="https://www.samba.org/samba/history/samba-4.10.17.html">the 4.10.17
+release notes</a> for more info.</br>
+</p>
+<!-- END: posted_news/20200702-080358.4.12.4.body.html -->
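Review bot: `</br>` is not a valid element (there is no closing form of `br`), and the body mixes it with a bare `<br>` on `+against Samba 4.10.16</a> is also available.<br>`; use `<br />` consistently, as the rest of the site does, so the line breaks survive in XHTML parsing. The CVE list is also punctuated as four separate sentences (`+ASQ, VLV and paged_results).` then `+<a href="/samba/security/CVE-2020-10745.html">CVE-2020-10745</a>`), which reads as a run of fragments; separate the items with commas and put "and" before the last one.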
diff --git a/posted_news/20200702-080358.4.12.4.headline.html b/posted_news/20200702-080358.4.12.4.headline.html
new file mode 100644 (file)
index 0000000..36fadfd
--- /dev/null
@@ -0,0 +1,4 @@
+<!-- BEGIN: posted_news/20200702-080358.4.12.4.headline.html -->
+<li> 02 July 2020 <a href="#4.12.4">Samba 4.12.4, 4.11.11 and 4.10.17 Security
+Releases Available</a></li>
+<!-- END: posted_news/20200702-080358.4.12.4.headline.html -->
diff --git a/security/CVE-2020-10730.html b/security/CVE-2020-10730.html
new file mode 100644 (file)
index 0000000..e79e5e7
--- /dev/null
@@ -0,0 +1,86 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2020-10730.html
+
+<p>
+<pre>
+===========================================================
+== Subject:     NULL pointer de-reference and use-after-free
+==              in Samba AD DC LDAP Server with ASQ, VLV and
+==              paged_results
+==
+== CVE ID#:     CVE-2020-10730
+==
+== Versions:    Samba 4.5.0 and later
+==
+== Summary:     A client combining the 'ASQ' and 'VLV' LDAP
+==              controls can cause a NULL pointer de-reference and
+==             further combinations with the LDAP paged_results
+==             feature can give a use-after-free in Samba's AD DC
+==             LDAP server.
+===========================================================
+
+===========
+Description
+===========
+
+Samba has, since Samba 4.5, supported the VLV Active Directory LDAP
+feature, to allow clients to obtain 'virtual list views' of search
+results against a Samba AD DC using an LDAP control.
+
+The combination of this control, and the ASQ control combines to allow
+an authenticated user to trigger a NULL-pointer de-reference.  It is
+also possible to trigger a use-after-free, both as the code is very
+similar to that addressed by CVE-2020-10700 and due to the way
+errors are handled in the dsdb_paged_results module since Samba 4.10.
+
+
+==================
+Patch Availability
+==================
+
+Patches addressing both of these issues have been posted to:
+
+    https://www.samba.org/samba/security/
+
+Additionally, Samba 4.10.17, 4.11.11 and 4.12.4 have been issued
+as security releases to correct the defect.  Samba administrators are
+advised to upgrade to these releases or apply the patch as soon
+as possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS:v3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
+
+=========================
+Workaround and mitigation
+=========================
+
+None.
+
+=======
+Credits
+=======
+
+Originally reported by Andrew Bartlett of Catalyst and the Samba Team.
+
+Patches provided by Andrew Bartlett and Gary Lockyer of Catalyst and
+the Samba Team.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
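Review bot: the heading `+   <H2>CVE-2020-10730.html` is never closed, the following `+<p>` is never closed either, and the heading text is the file name rather than the advisory subject; closing the tags and using the subject line ("NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server ...") would fix both. The CVSS line `+CVSS:v3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)` is not in the standard vector-string form (`CVSS:3.1/AV:N/...`) and differs from the prefixes used in the other three advisories in this commit ("CVSS v3.1 Vector:", "CVSS 3.1:"); one parseable form across all four would help anyone scraping the advisories. Minor: the continuation lines of the Summary field (`+==             further combinations with the LDAP paged_results`) are indented one column less than the first line.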
diff --git a/security/CVE-2020-10745.html b/security/CVE-2020-10745.html
new file mode 100644 (file)
index 0000000..ed170a7
--- /dev/null
@@ -0,0 +1,103 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2020-10745.html
+
+<p>
+<pre>
+===========================================================
+== Subject:     Parsing and packing of NBT and DNS packets
+==              can consume excessive CPU in the AD DC (only)
+==
+== CVE ID#:     CVE-2020-10745
+==
+== Versions:    All Samba versions since 4.0.0
+==
+== Summary:     Compression of replies to NetBIOS over TCP/IP
+==              name resolution and DNS packets (which can be
+==              supplied as UDP requests) can be abused to
+==              consume excessive amounts of CPU on the Samba
+==              AD DC (only).
+==
+===========================================================
+
+===========
+Description
+===========
+
+The NetBIOS over TCP/IP name resolution protocol is framed using the
+same format as DNS, and Samba's packing code for both uses DNS name
+compression.
+
+An attacker can choose a name which, when the name is included in the
+reply, causes the DNS name compression algorithm to walk a very long
+internal list while trying to compress the reply.  This in in part
+because the traditional "." separator in DNS is not actually part of
+the DNS protocol, the limit of 128 components is exceeded by including
+"." inside the components.
+
+Specifically, the longest label is 63 characters, and Samba enforces a
+limit of 128 components. That means you can make a query for the
+address with 127 components, each of which is
+"...............................................................".
+
+In processing that query, Samba rewrites the name in dot-separated
+form, then converts it back to the wire format in order to
+reply. Unfortunately for Samba, it now finds the name is just 8127
+dots, which it duly converts into over 8127 zero length labels.
+
+==================
+Patch Availability
+==================
+
+Patches addressing both these issues have been posted to:
+
+    https://www.samba.org/samba/security/
+
+Additionally, Samba 4.10.17, 4.11.11, and 4.12.4 have been issued as
+security releases to correct the defect. Samba administrators are
+advised to upgrade to these releases or apply the patch as soon as
+possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5)
+
+==========
+Workaround
+==========
+
+The vulnerable DNS server (port 53) and NBT server (port 139) is only
+provided when Samba runs as an Active Directory DC.  The
+implementation provided by nmbd in the file-server configuration is
+not subject to this issue.  In the AD DC, the NBT server can be
+disabled with 'disable netbios = yes'.
+
+=======
+Credits
+=======
+
+Found using Honggfuzz and triaged by Douglas Bagnall of Catalyst and
+the Samba Team.
+
+Patches provided by Douglas Bagnall of Catalyst and the Samba Team.
+
+Advisory written by Andrew Bartlett and Douglas Bagnall of Catalyst
+and the Samba Team.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
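Review bot: the Workaround section says `+The vulnerable DNS server (port 53) and NBT server (port 139) is only`, but the NetBIOS name service described in this advisory (and in CVE-2020-14303 in the same commit) runs on UDP port 137; port 139 is the session service, which is not the name-resolution path; also "is only" should be "are only". Typo in the Description: `+internal list while trying to compress the reply.  This in in part` ("in in"). The phrase "Patches addressing both these issues" refers to a single issue here and looks copied from the CVE-2020-10730 advisory. Finally, the workaround only covers the NBT side (`disable netbios = yes`); since the DNS path is also described as vulnerable, the section should say explicitly whether any mitigation exists for the internal DNS server or that none does.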
diff --git a/security/CVE-2020-10760.html b/security/CVE-2020-10760.html
new file mode 100644 (file)
index 0000000..2351a64
--- /dev/null
@@ -0,0 +1,101 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2020-10760.html
+
+<p>
+<pre>
+===========================================================
+== Subject:     LDAP Use-after-free in Samba AD DC Global Catalog with
+==              paged_results and VLV
+==
+== CVE ID#:     CVE-2020-10760
+==
+== Versions:    All versions of Samba since Samba 4.5.0
+==
+== Summary:     The use of the paged_results or VLV controls against
+==              the Global Catalog LDAP server on the AD DC will cause
+==              a use-after-free.
+===========================================================
+
+===========
+Description
+===========
+
+Samba 4.5 and later implements VLV - Virtual List View, and Samba 4.10
+and later reimplemented the paged_results control using similar code.
+
+This code is more memory-efficient, storing only a pointer to the
+object, not the returned object.  However this means parts of the
+original request must be retained
+
+When these controls are used by a client that connects to the Global
+Catalog server, these modules failed to correctly retain the control
+data along with the request, causing a use-after-free and an abort
+when this is detected by the talloc library.
+
+NOTE WELL: Unsupported Samba versions before Samba 4.7 use a single
+process for the LDAP servers.
+
+All versions of Samba after Samba 4.11 use the 'prefork' process model
+to create a shared connection pool.  Crashing servers are restarted,
+but service is disrupted.
+
+
+==================
+Patch Availability
+==================
+
+Patches addressing both these issues have been posted to:
+
+    https://www.samba.org/samba/security/
+
+Additionally, Samba 4.10.17, 4.11.11 and 4.12.4 have been issued
+as security releases to correct the defect.  Samba administrators are
+advised to upgrade to these releases or apply the patch as soon
+as possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
+
+================================
+Workaround and mitigating factors
+================================
+
+By default, Samba 4.10 is run using the "standard" process model which
+is one-process-per-client.  (Later versions use 'prefork').
+
+This is controlled by the -M or --model parameter to the samba binary.
+
+All Samba versions are impacted if -M prefork or -M single is used. To
+mitigate this issue, select -M standard (however this will use more
+memory, and may cause resource exhaustion).
+
+=======
+Credits
+=======
+
+Originally reported by Andrei Popa &lt;andrei.popa@next-gen.ro&gt; and
+another anonymous reporter.
+
+Advisory written by Andrew Bartlett of Catalyst and the Samba Team.
+
+Patches provided by Andrew Bartlett of Catalyst and the Samba Team.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
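Review bot: the process-model statements in this advisory disagree with each other. `+All versions of Samba after Samba 4.11 use the 'prefork' process model` says 4.11 itself is not prefork, while the workaround's `+By default, Samba 4.10 is run using the "standard" process model which` / `+is one-process-per-client.  (Later versions use 'prefork').` implies 4.11 already is; pick one. The sentence "All Samba versions are impacted if -M prefork or -M single is used. To mitigate this issue, select -M standard" also reads as contradictory unless it states what -M standard buys (presumably that only the process serving the offending client aborts rather than a shared worker); spell that out. Missing full stop at the end of `+original request must be retained`, and "Patches addressing both these issues" is a copy-paste from the CVE-2020-10730 text, since this advisory covers one issue.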
diff --git a/security/CVE-2020-14303.html b/security/CVE-2020-14303.html
new file mode 100644 (file)
index 0000000..dbf89a1
--- /dev/null
@@ -0,0 +1,87 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2020-14303.html
+
+<p>
+<pre>
+===========================================================
+== Subject:     Empty UDP packet DoS in Samba AD DC nbtd
+==
+== CVE ID#:     CVE-2020-14303
+==
+== Versions:    All Samba versions since Samba 4.0.0
+==
+== Summary:     The AD DC NBT server in Samba 4.0 will enter a
+==              CPU spin and not process further requests
+==              once it receives a empty (zero-length) UDP
+==              packet to port 137.
+===========================================================
+
+===========
+Description
+===========
+
+The NetBIOS over TCP/IP name resolution protocol is implemented
+as a UDP datagram on port 137.
+
+The AD DC client and server-side processing code for NBT name resolution
+will enter a tight loop if a UDP packet with 0 data length is
+received.  The client for this case is only found in the AD DC side of
+the codebase, not that used by the the member server or file server. 
+
+==================
+Patch Availability
+==================
+
+Patches addressing both these issues have been posted to:
+
+    https://www.samba.org/samba/security/
+
+Additionally, Samba Samba 4.10.17, 4.11.11, and 4.12.4 have been issued
+as security releases to correct the defect.  Samba administrators are
+advised to upgrade to these releases or apply the patch as soon
+as possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5)
+
+=========================
+Workaround and mitigation
+=========================
+
+The NBT server (UDP port 137) is provided by nmbd in the
+file-server configuration, which is not impacted by this issue.
+
+In the AD DC, the NBT server can be disabled with
+'disable netbios = yes'.
+
+=======
+Credits
+=======
+
+Originally reported by Martin von Wittich
+&lt;martin.von.wittich@iserv.eu&gt; and Wilko Meyer &lt;wilko.meyer@iserv.eu&gt;
+of IServ GmbH.
+
+Patches provided by Gary Lockyer of Catalyst and the Samba Team.
+
+Advisory written by Andrew Bartlett of Catalyst and the Samba Team.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
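Review bot: several copy errors in the text: `+==              once it receives a empty (zero-length) UDP` ("an empty"), `+Additionally, Samba Samba 4.10.17, 4.11.11, and 4.12.4 have been issued` (doubled "Samba"), `+the codebase, not that used by the the member server or file server. ` (doubled "the", plus trailing whitespace), and "Patches addressing both these issues" for a single issue. The Summary line "The AD DC NBT server in Samba 4.0 will enter a CPU spin" also reads as 4.0-only while the Versions field says all versions since 4.0.0; "since Samba 4.0" would match the Versions field and the release-notes text. As in the other advisories, `<H2>` and `<p>` are left unclosed.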