Bugzilla – Bug 1173994
VUL-0: CVE-2020-14323: samba: Denial of service in winbindd.
Last modified: 2023-01-23 14:15:41 UTC
Created attachment 839579 [details] CVE-2020-14323.py QA REPRODUCER: python3 CVE-2020-14323.py should (NOT) crash the local winbindd
CRD: 2020-10-29
now poublic https://www.samba.org/samba/security/CVE-2020-14323.html CVE-2020-14323.html =========================================================== == Subject: Unprivileged user can crash winbind == == GitHub Security Lab (GHSL) Vulnerability Report: 'GHSL-2020-134' == == CVE ID#: CVE-2020-14323 == == == Versions: All versions of Samba since Samba 3.6.0 == == Summary: With a specially crafted winbind request == sent over the non-privileged winbind pipe == winbind can be made to dereference a NULL == pointer =========================================================== =========== Description =========== winbind in version 3.6 and later implements a request to translate multiple Windows SIDs into names in one request. This was done for performance reasons: Active Directory domain controllers can do multiple SID to name translations in one RPC call. It was an obvious extension to also offer this batch operation on the winbind unix domain stream socket that is available to local processes on the Samba server to reduce network round-trips to the domain controller. Due to improper input validation a hand-crafted packet can make winbind perform a NULL pointer dereference and thus crash. ================== Patch Availability ================== Patches addressing both these issues have been posted to: https://www.samba.org/samba/security/ Additionally, Samba 4.11.15, 4.12.9 and 4.13.1 have been issued as security releases to correct the defect. Samba administrators are advised to upgrade to these releases or apply the patch as soon as possible. ================== CVSSv3 calculation ================== CVSS 3.1: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H (5.0) ================================= Workaround and mitigating factors ================================= Any user with local shell access to the machine running winbind can issue the winbind socket request. The only workaround is to disable shell access to exposed machines. Typical file servers don't offer full local access, they are not affected. ======= Credits ======= Originally reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134. Advisory written by Volker Lendecke of SerNet and the Samba Team. Patches provided by Volker Lendecke of SerNet and the Samba Team. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ==========================================================
SUSE-SU-2020:3081-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1173902,1173994,1177613 CVE References: CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 JIRA References: Sources used: SUSE Linux Enterprise Module for Python2 15-SP2 (src): samba-4.11.14+git.202.344b137b75d-4.14.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): samba-4.11.14+git.202.344b137b75d-4.14.1 SUSE Linux Enterprise High Availability 15-SP2 (src): samba-4.11.14+git.202.344b137b75d-4.14.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3082-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1173902,1173994,1177613 CVE References: CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): samba-4.10.18+git.219.1d732314d96-3.20.1 SUSE Linux Enterprise Server 12-SP5 (src): samba-4.10.18+git.219.1d732314d96-3.20.1 SUSE Linux Enterprise High Availability 12-SP5 (src): samba-4.10.18+git.219.1d732314d96-3.20.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3083-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1173902,1173994 CVE References: CVE-2020-14318,CVE-2020-14323 JIRA References: Sources used: SUSE OpenStack Cloud 7 (src): samba-4.4.2-38.39.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): samba-4.4.2-38.39.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): samba-4.4.2-38.39.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): samba-4.4.2-38.39.1 SUSE Linux Enterprise High Availability 12-SP2 (src): samba-4.4.2-38.39.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3087-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1173902,1173994,1177613 CVE References: CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): samba-4.7.11+git.280.25dfd9a947d-4.51.1 SUSE Linux Enterprise Server 15-LTSS (src): samba-4.7.11+git.280.25dfd9a947d-4.51.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): samba-4.7.11+git.280.25dfd9a947d-4.51.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): samba-4.7.11+git.280.25dfd9a947d-4.51.1 SUSE Linux Enterprise High Availability 15 (src): samba-4.7.11+git.280.25dfd9a947d-4.51.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3093-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1173902,1173994,1177613 CVE References: CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): samba-4.6.16+git.248.c833312e640-3.58.1 SUSE OpenStack Cloud Crowbar 8 (src): samba-4.6.16+git.248.c833312e640-3.58.1 SUSE OpenStack Cloud 9 (src): samba-4.6.16+git.248.c833312e640-3.58.1 SUSE OpenStack Cloud 8 (src): samba-4.6.16+git.248.c833312e640-3.58.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): samba-4.6.16+git.248.c833312e640-3.58.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): samba-4.6.16+git.248.c833312e640-3.58.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): samba-4.6.16+git.248.c833312e640-3.58.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): samba-4.6.16+git.248.c833312e640-3.58.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): samba-4.6.16+git.248.c833312e640-3.58.1 SUSE Linux Enterprise High Availability 12-SP4 (src): samba-4.6.16+git.248.c833312e640-3.58.1 SUSE Linux Enterprise High Availability 12-SP3 (src): samba-4.6.16+git.248.c833312e640-3.58.1 SUSE Enterprise Storage 5 (src): samba-4.6.16+git.248.c833312e640-3.58.1 HPE Helion Openstack 8 (src): samba-4.6.16+git.248.c833312e640-3.58.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3092-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1173902,1173994,1177613 CVE References: CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 JIRA References: Sources used: SUSE Linux Enterprise Module for Python2 15-SP1 (src): samba-4.9.5+git.383.7b7f8f14df8-3.47.1 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): samba-4.9.5+git.383.7b7f8f14df8-3.47.1 SUSE Linux Enterprise High Availability 15-SP1 (src): samba-4.9.5+git.383.7b7f8f14df8-3.47.1 SUSE Enterprise Storage 6 (src): samba-4.9.5+git.383.7b7f8f14df8-3.47.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:14525-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1173902,1173994 CVE References: CVE-2020-14318,CVE-2020-14323 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): samba-3.6.3-94.31.1, samba-doc-3.6.3-94.31.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): samba-3.6.3-94.31.1, samba-doc-3.6.3-94.31.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): samba-3.6.3-94.31.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): samba-3.6.3-94.31.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:1811-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1173902,1173994,1177613 CVE References: CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 JIRA References: Sources used: openSUSE Leap 15.1 (src): samba-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1
openSUSE-SU-2020:1819-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1173902,1173994,1177613 CVE References: CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 JIRA References: Sources used: openSUSE Leap 15.2 (src): samba-4.11.14+git.202.344b137b75d-lp152.3.16.1
SUSE-SU-2021:0185-1: An update that solves three vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1173902,1173994,1177355,1177613,1178469 CVE References: CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 JIRA References: Sources used: SUSE Enterprise Storage 7 (src): samba-4.13.3+git.181.fc4672a5b81-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
released
SUSE-SU-2023:0122-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1173994,1201496,1205385,1206504,1206546 CVE References: CVE-2020-14323,CVE-2021-20251,CVE-2022-32742,CVE-2022-37966,CVE-2022-38023 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): samba-4.4.2-38.55.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.