---

CVE-2020-10745 - log back

CVE-2020-10745 edited at 08 Jul 2020 08:40:39
Notes	+ The vulnerable DNS server (port 53) and NBT server (port 139) is only provided when Samba runs as an Active Directory DC. The implementation provided by nmbd in the file-server configuration is not subject to this issue. In the AD DC, the NBT server can be disabled with 'disable netbios = yes'.

CVE-2020-10745 edited at 08 Jul 2020 08:18:06
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP and DNS paclets. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service.
References	+ https://www.samba.org/samba/security/CVE-2020-10745.html + https://bugzilla.redhat.com/show_bug.cgi?id=1849491 + https://download.samba.org/pub/samba/patches/security/samba-4.12.3-security-2020-07-02.patch
Notes

CVE-2020-10745 created at 08 Jul 2020 08:01:46