CVE-2020-10704

Published: 28 April 2020

A flaw was found when using Samba as an Active Directory Domain Controller. Due to the way Samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all Samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: samba

Release: Status
Upstream: Released (4.10.15, 4.11.8, 4.12.2)
Ubuntu 20.10 (Groovy Gorilla): Released (2:4.11.6+dfsg-0ubuntu1.1)
Ubuntu 20.04 LTS (Focal Fossa): Released (2:4.11.6+dfsg-0ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver): Released (2:4.7.6+dfsg~ubuntu-0ubuntu2.16)
Ubuntu 16.04 LTS (Xenial Xerus): Released (2:4.3.11+dfsg-0ubuntu0.16.04.26)
Ubuntu 14.04 ESM (Trusty Tahr): Released (2:4.3.11+dfsg-0ubuntu0.14.04.20+esm6)
Ubuntu 12.04 ESM (Precise Pangolin): Not vulnerable