Vulnerability CVE-2020-27840: Information
Description
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| samba | sisyphus | 4.13.7-alt1 | 4.20.1-alt2 | ALT-PU-2021-1548-1 | 268331 | Fixed |
| samba | p10 | 4.13.7-alt1 | 4.19.6-alt2 | ALT-PU-2021-1548-1 | 268331 | Fixed |
| samba | p9 | 4.12.14-alt1 | 4.14.10-alt2 | ALT-PU-2021-1556-1 | 268328 | Fixed |
| samba | c10f1 | 4.13.7-alt1 | 4.16.11-alt2 | ALT-PU-2021-1548-1 | 268331 | Fixed |
| samba | c9f2 | 4.14.5-alt1 | 4.14.14-alt0.c9.1 | ALT-PU-2021-2081-1 | 271795 | Fixed |
| samba | p11 | 4.13.7-alt1 | 4.20.1-alt1 | ALT-PU-2021-1548-1 | 268331 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1941400 |
|
| [debian-lts-announce] 20210331 [SECURITY] [DLA 2611-1] ldb security update |
|
| https://security.netapp.com/advisory/ntap-20210326-0007/ |
|
| https://www.samba.org/samba/security/CVE-2020-27840.html |
|
| DSA-4884 |
|
| GLSA-202105-22 |
|
| FEDORA-2021-c2d8628d33 | |
| FEDORA-2021-1a8e93a285 | |
| FEDORA-2021-c93a3a5d3f |