Bugzilla – Bug 1173359
VUL-1: CVE-2020-14303: samba: Endless loop from empty UDP packet sent to AD DC nbt_server
Last modified: 2020-09-17 19:15:50 UTC
is now public
https://www.samba.org/samba/security/CVE-2020-14303.html

CVE-2020-14303.html

===========================================================
== Subject:     Empty UDP packet DoS in Samba AD DC nbtd
==
== CVE ID#:     CVE-2020-14303
==
== Versions:    All Samba versions since Samba 4.0.0
==
== Summary:     The AD DC NBT server in Samba 4.0 will enter a
==              CPU spin and not process further requests
==              once it receives an empty (zero-length) UDP
==              packet to port 137.
===========================================================

===========
Description
===========

The NetBIOS over TCP/IP name resolution protocol is implemented as a
UDP datagram on port 137.

The AD DC client and server-side processing code for NBT name
resolution will enter a tight loop if a UDP packet with 0 data length
is received. The client for this case is only found in the AD DC
side of the codebase, not that used by the member server or file
server.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba 4.10.17, 4.11.11, and 4.12.4 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5)

=========================
Workaround and mitigation
=========================

The NBT server (UDP port 137) is provided by nmbd in the file-server
configuration, which is not impacted by this issue.

In the AD DC, the NBT server can be disabled with 'disable netbios = yes'.

=======
Credits
=======

Originally reported by Martin von Wittich <martin.von.wittich@iserv.eu>
and Wilko Meyer <wilko.meyer@iserv.eu> of IServ GmbH.

Patches provided by Gary Lockyer of Catalyst and the Samba Team.

Advisory written by Andrew Bartlett of Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
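The tight loop in the Description, as an added example (not Samba's code and not part of the advisory): one receive-path pattern that produces this symptom, next to a handler that always dequeues the datagram. The FIONREAD-gated handler is an assumed pattern, since the advisory does not show the defective code; a local AF_UNIX datagram socketpair stands in for the UDP port 137 listener, and all function names are hypothetical.

```c
/* Added illustration, not Samba source; an AF_UNIX socketpair stands in for UDP 137. */
#include <poll.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>
/* Fragile (assumed pattern): treats "0 bytes pending" as "nothing queued",
 * so an empty datagram is never dequeued and the socket stays readable. */
static int handle_fragile(int fd)
{
    int pending = 0;
    char buf[576];
    if (ioctl(fd, FIONREAD, &pending) < 0 || pending == 0)
        return 0;   /* empty datagram left on the queue */
    return recv(fd, buf, sizeof(buf), MSG_DONTWAIT) >= 0;
}

/* Hardened: always dequeue one datagram, then decide by its length. */
static int handle_hardened(int fd)
{
    char buf[576];
    ssize_t n = recv(fd, buf, sizeof(buf), MSG_DONTWAIT);
    return n > 0;   /* 0 = empty datagram consumed and dropped, <0 = error */
}

/* Queue one zero-length datagram and count event-loop wakeups, capped at
 * max_wakeups: 1 = handled once, cap = spin, 0 = not queued, -1 = no socket. */
int count_wakeups(int (*handler)(int), int max_wakeups)
{
    int sv[2], wakeups = 0;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    struct pollfd pfd = { .fd = sv[1], .events = POLLIN };
    send(sv[0], "", 0, 0);   /* the zero-length datagram */
    while (wakeups < max_wakeups && poll(&pfd, 1, 0) == 1) {
        handler(sv[1]);
        wakeups++;
    }
    close(sv[0]);
    close(sv[1]);
    return wakeups;
}

int main(void)
{
    printf("fragile=%d hardened=%d\n", count_wakeups(handle_fragile, 1000),
           count_wakeups(handle_hardened, 1000));
    return 0;
}
```

In a real event loop there is no wakeup cap, so the fragile handler is re-invoked for as long as the datagram stays queued, which matches the CPU spin the advisory describes.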
SUSE-SU-2020:1913-1: An update that solves four vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1171437,1172307,1173159,1173160,1173161,1173359
CVE References: CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303
Sources used:
SUSE Linux Enterprise Module for Python2 15-SP1 (src): samba-4.9.5+git.343.4bc358522a9-3.38.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): samba-4.9.5+git.343.4bc358522a9-3.38.1
SUSE Linux Enterprise High Availability 15-SP1 (src): samba-4.9.5+git.343.4bc358522a9-3.38.1
SUSE Enterprise Storage 6 (src): samba-4.9.5+git.343.4bc358522a9-3.38.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:1948-1: An update that solves 6 vulnerabilities and has 7 fixes is now available.
Category: security (important)
Bug References: 1141320,1162680,1169095,1169521,1169850,1169851,1171437,1172307,1173159,1173160,1173161,1173359,1174120
CVE References: CVE-2020-10700,CVE-2020-10704,CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303
Sources used:
SUSE Linux Enterprise Module for Python2 15-SP2 (src): samba-4.11.11+git.180.2cf3b203f07-4.5.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): ldb-2.0.12-3.3.1, samba-4.11.11+git.180.2cf3b203f07-4.5.1
SUSE Linux Enterprise High Availability 15-SP2 (src): samba-4.11.11+git.180.2cf3b203f07-4.5.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0984-1: An update that solves four vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1171437,1172307,1173159,1173160,1173161,1173359
CVE References: CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303
Sources used:
openSUSE Leap 15.1 (src): samba-4.9.5+git.343.4bc358522a9-lp151.2.27.1
openSUSE-SU-2020:1023-1: An update that solves 6 vulnerabilities and has 7 fixes is now available.
Category: security (important)
Bug References: 1141320,1162680,1169095,1169521,1169850,1169851,1171437,1172307,1173159,1173160,1173161,1173359,1174120
CVE References: CVE-2020-10700,CVE-2020-10704,CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303
Sources used:
openSUSE Leap 15.2 (src): ldb-2.0.12-lp152.2.3.1, samba-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
released
openSUSE-SU-2020:1313-1: An update that solves 6 vulnerabilities and has 7 fixes is now available.
Category: security (important)
Bug References: 1141320,1162680,1169095,1169521,1169850,1169851,1171437,1172307,1173159,1173160,1173161,1173359,1174120
CVE References: CVE-2020-10700,CVE-2020-10704,CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): ldb-2.0.12-lp152.2.6.1, samba-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
SUSE-SU-2020:2673-1: An update that fixes 15 vulnerabilities is now available.
Category: security (important)
Bug References: 1141267,1144902,1154289,1154598,1158108,1158109,1160850,1160852,1160888,1169850,1169851,1173159,1173160,1173359,1174120
CVE References: CVE-2019-10197,CVE-2019-10218,CVE-2019-14833,CVE-2019-14847,CVE-2019-14861,CVE-2019-14870,CVE-2019-14902,CVE-2019-14907,CVE-2019-19344,CVE-2020-10700,CVE-2020-10704,CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303
JIRA References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): ldb-1.5.8-3.5.1, samba-4.10.17+git.203.862547088ca-3.14.1
SUSE Linux Enterprise Server 12-SP5 (src): ldb-1.5.8-3.5.1, samba-4.10.17+git.203.862547088ca-3.14.1
SUSE Linux Enterprise High Availability 12-SP5 (src): samba-4.10.17+git.203.862547088ca-3.14.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.