Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

CVE
#ios#linux#red_hat#samba#bios

Description Huzaifa S. Sidhpurwala 2020-06-26 04:44:42 UTC

As per upstream advisory:

The NetBIOS over TCP/IP name resolution protocol is implemented as a UDP datagram on port 137.

The AD DC client and server-side processing code for NBT name resolution will enter a tight loop if a UDP packet with 0 data length is received. The client for this case is only found in the AD DC side of the codebase, not that used by the the member server or file server.

Comment 1 Huzaifa S. Sidhpurwala 2020-06-26 04:44:46 UTC

Acknowledgments:

Name: the Samba project Upstream: Martin von Wittich (IServ GmbH), Wilko Meyer (IServ GmbH)

Comment 2 Huzaifa S. Sidhpurwala 2020-06-26 04:46:01 UTC

Mitigation:

The NetBIOS over TCP/IP name resolution protocol is implemented as a UDP datagram on port 137.

The AD DC client and server-side processing code for NBT name resolution will enter a tight loop if a UDP packet with 0 data length is received. The client for this case is only found in the AD DC side of the codebase, not that used by the the member server or file server.

Comment 4 Huzaifa S. Sidhpurwala 2020-07-02 09:37:12 UTC

Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1853259]

Comment 6 Hardik Vyas 2020-07-02 11:52:38 UTC

Statement:

This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux and Red Hat Gluster Storage 3 because there is no support for samba as Active Directory Domain Controller.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907