CVE-2020-10745 - log

CVE-2020-10745 edited at 08 Jul 2020 08:40:39
Notes
+ The vulnerable DNS server (port 53) and NBT server (port 139) are only provided when Samba runs as an Active Directory DC. The implementation provided by nmbd in the file-server configuration is not subject to this issue. In the AD DC, the NBT server can be disabled with 'disable netbios = yes'.
CVE-2020-10745 edited at 08 Jul 2020 08:18:06
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBIOS over TCP/IP and DNS packets. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU, resulting in a denial of service.
References
+ https://www.samba.org/samba/security/CVE-2020-10745.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=1849491
+ https://download.samba.org/pub/samba/patches/security/samba-4.12.3-security-2020-07-02.patch
Notes
CVE-2020-10745 created at 08 Jul 2020 08:01:46