CVE-2021-3670
Published: 31 December 2021
MaxQueryDuration not honoured in Samba AD DC LDAP
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ldb Launchpad, Ubuntu, Debian |
kinetic |
Does not exist
|
| lunar |
Does not exist
|
|
| jammy |
Not vulnerable
(2:2.4.2-0ubuntu1)
|
|
| bionic |
Needed
|
|
| focal |
Released
(2:2.2.3-0ubuntu0.20.04.3)
|
|
| impish |
Ignored
(end of life)
|
|
| upstream |
Released
(2.3.3,2.4.2)
|
|
| mantic |
Does not exist
|
|
|
Patches: upstream: https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f |
||
|
samba Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(2:4.16.2+dfsg-1ubuntu1)
|
| lunar |
Not vulnerable
(2:4.16.2+dfsg-1ubuntu1)
|
|
| bionic |
Needed
|
|
| upstream |
Released
(2:4.16.0+dfsg-2,4.15.6,4.14.3)
|
|
| focal |
Released
(2:4.13.17~dfsg-0ubuntu1.20.04.1)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Not vulnerable
(2:4.15.5~dfsg-0ubuntu5.1)
|
|
| mantic |
Not vulnerable
(2:4.16.2+dfsg-1ubuntu1)
|
|
|
Patches: upstream: https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81 upstream: https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803 upstream: https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049 upstream: https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002 upstream: https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b upstream: https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |