Vulnerability CVE-2020-27840: Information
Description
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
samba | sisyphus | 4.13.7-alt1 | 4.20.1-alt2 | ALT-PU-2021-1548-1 | 268331 | Fixed |
samba | p10 | 4.13.7-alt1 | 4.19.6-alt2 | ALT-PU-2021-1548-1 | 268331 | Fixed |
samba | p9 | 4.12.14-alt1 | 4.14.10-alt2 | ALT-PU-2021-1556-1 | 268328 | Fixed |
samba | c10f1 | 4.13.7-alt1 | 4.16.11-alt2 | ALT-PU-2021-1548-1 | 268331 | Fixed |
samba | c9f2 | 4.14.5-alt1 | 4.14.14-alt0.c9.1 | ALT-PU-2021-2081-1 | 271795 | Fixed |
samba | p11 | 4.13.7-alt1 | 4.20.1-alt1 | ALT-PU-2021-1548-1 | 268331 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1941400 |
|
[debian-lts-announce] 20210331 [SECURITY] [DLA 2611-1] ldb security update |
|
https://security.netapp.com/advisory/ntap-20210326-0007/ |
|
https://www.samba.org/samba/security/CVE-2020-27840.html |
|
DSA-4884 |
|
GLSA-202105-22 |
|
FEDORA-2021-c2d8628d33 | |
FEDORA-2021-1a8e93a285 | |
FEDORA-2021-c93a3a5d3f |