Samba Team Releases Security Updates

Threat ID:: CC-3538
Threat Severity:: Low
Published:: 7 July 2020 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

Samba

Threat details

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

Remediation advice

Users and administrators are encouraged to review the below Samba security announcements and apply the necessary updates and workarounds.

Remediation steps

Type	Step
Patch	CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results. https://www.samba.org/samba/security/CVE-2020-10730.html
Patch	CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV. https://www.samba.org/samba/security/CVE-2020-10760.html
Patch	CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU in the AD DC only. https://www.samba.org/samba/security/CVE-2020-10745.html
Patch	CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd. https://www.samba.org/samba/security/CVE-2020-14303.html

Last edited: 7 July 2020 1:56 pm