CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
83.7%
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x
before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe
provides administrative facilities to modify DNS records and zones. Samba,
when acting as an AD DC, stores DNS records in LDAP. In AD, the default
permissions on the DNS partition allow creation of new records by
authenticated users. This is used for example to allow machines to
self-register in DNS. If a DNS record was created that case-insensitively
matched the name of the zone, the ldb_qsort() and dns_name_compare()
routines could be confused into reading memory prior to the list of DNS
entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and
so following invalid memory as a pointer.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | samba | < 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 | UNKNOWN |
ubuntu | 19.04 | noarch | samba | < 2:4.10.0+dfsg-0ubuntu2.7 | UNKNOWN |
ubuntu | 19.10 | noarch | samba | < 2:4.10.7+dfsg-0ubuntu2.3 | UNKNOWN |
ubuntu | 14.04 | noarch | samba | < 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4 | UNKNOWN |
ubuntu | 16.04 | noarch | samba | < 2:4.3.11+dfsg-0ubuntu0.16.04.24 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
83.7%