FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- multiple vulnerabilities

Affected packages
samba410 < 4.10.15
samba411 < 4.11.8
samba412 < 4.12.2

Details

VuXML ID 3c7911c9-8a29-11ea-8d8c-005056a311d1
Discovery 2020-04-29
Entry 2020-04-29

The Samba Team reports:

CVE-2020-10700

A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server.

CVE-2020-10704

A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV.

References

CVE Name CVE-2020-10700
CVE Name CVE-2020-10704
URL https://www.samba.org/samba/history/samba-4.12.2.html