Headline
CVE-2021-3670: Invalid Bug ID
MaxQueryDuration not honoured in Samba AD DC LDAP
‘14694?cve=title’ is not a valid bug number nor an alias to a bug.
Please press Back and try again.
Related news
Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.
Ubuntu Security Notice 5542-1 - It was discovered that Samba did not handle MaxQueryDuration when being used in AD DC configurations, contrary to expectations. This issue only affected Ubuntu 20.04 LTS. Luke Howard discovered that Samba incorrectly handled certain restrictions associated with changing passwords. A remote attacker being requested to change passwords could possibly use this issue to escalate privileges.