CVE-2020-10704

N/A

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

未经控制的递归

Samba 资源管理错误漏洞

Samba是Samba团队的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。 Samba 4.10.15之前版本、4.11.8之前版本和4.12.2之前版本中存在资源管理错误漏洞，该漏洞源于程序没有正确处理LDAP查询。攻击者可利用该漏洞造成拒绝服务。

N/A

N/A