Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-3670

Published: 31 December 2021

MaxQueryDuration not honoured in Samba AD DC LDAP

Priority

Low

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
ldb
Launchpad, Ubuntu, Debian 		bionic Needed

focal
Released (2:2.2.3-0ubuntu0.20.04.3)
impish Ignored
(reached end-of-life)
jammy Not vulnerable
(2:2.4.2-0ubuntu1)
kinetic Does not exist

lunar Does not exist

upstream
Released (2.3.3,2.4.2)
Patches:
upstream: https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f






samba
Launchpad, Ubuntu, Debian 		bionic Needed

focal
Released (2:4.13.17~dfsg-0ubuntu1.20.04.1)
impish Ignored
(reached end-of-life)
jammy Not vulnerable
(2:4.15.5~dfsg-0ubuntu5.1)
kinetic Not vulnerable
(2:4.16.2+dfsg-1ubuntu1)
lunar Not vulnerable
(2:4.16.2+dfsg-1ubuntu1)
upstream
Released (2:4.16.0+dfsg-2,4.15.6,4.14.3)
Patches:

upstream: https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81
upstream: https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803
upstream: https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049
upstream: https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002
upstream: https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b
upstream: https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading