CVE-2021-3670
Published: 31 December 2021
MaxQueryDuration not honoured in Samba AD DC LDAP
Priority
Status
Package | Release | Status |
---|---|---|
ldb Launchpad, Ubuntu, Debian |
kinetic |
Does not exist
|
lunar |
Does not exist
|
|
jammy |
Not vulnerable
(2:2.4.2-0ubuntu1)
|
|
bionic |
Needed
|
|
focal |
Released
(2:2.2.3-0ubuntu0.20.04.3)
|
|
impish |
Ignored
(end of life)
|
|
upstream |
Released
(2.3.3,2.4.2)
|
|
mantic |
Does not exist
|
|
Patches: upstream: https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f |
||
samba Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(2:4.16.2+dfsg-1ubuntu1)
|
lunar |
Not vulnerable
(2:4.16.2+dfsg-1ubuntu1)
|
|
bionic |
Needed
|
|
upstream |
Released
(2:4.16.0+dfsg-2,4.15.6,4.14.3)
|
|
focal |
Released
(2:4.13.17~dfsg-0ubuntu1.20.04.1)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Not vulnerable
(2:4.15.5~dfsg-0ubuntu5.1)
|
|
mantic |
Not vulnerable
(2:4.16.2+dfsg-1ubuntu1)
|
|
Patches: upstream: https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81 upstream: https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803 upstream: https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049 upstream: https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002 upstream: https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b upstream: https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |