Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 730472 (CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303) - <net-fs/samba-4.11.11: Multiple vulnerabilities (CVE-2020-{10730,10745,10760,14303})
Summary: <net-fs/samba-4.11.11: Multiple vulnerabilities (CVE-2020-{10730,10745,10760,...
Status: RESOLVED FIXED
Alias: CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://lists.samba.org/archive/samba...
Whiteboard: B3 [glsa+ cve]
Keywords: CC-ARCHES
Depends on:
Blocks: CVE-2020-10700, CVE-2020-10704
  Show dependency tree
 
Reported: 2020-07-02 17:49 UTC by John Helmert III
Modified: 2020-07-27 19:05 UTC (History)
2 users (show)

See Also:
Package list:
net-fs/samba-4.11.11 amd64 arm ppc x86 sys-libs/ldb-2.0.12 amd64 arm ppc x86
Runtime testing required: ---
nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-02 17:49:12 UTC 
From URL:

o  CVE-2020-10730:
   A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
   de-reference and further combinations with the LDAP paged_results feature can
   give a use-after-free in Samba's AD DC LDAP server.

o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
   excessive CPU.

o  CVE-2020-10760:
   The use of the paged_results or VLV controls against the Global Catalog LDAP
   server on the AD DC will cause a use-after-free.

o  CVE-2020-14303:
   The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
   further requests once it receives an empty (zero-length) UDP packet to
   port 137.


Looks like we need a bump to 4.12.4 and a bump to 4.11.11.
Comment 1 Larry the Git Cow gentoo-dev 2020-07-02 19:38:20 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4fe0c91aca3ab87754160d4f8a89a4d3688adfb

commit c4fe0c91aca3ab87754160d4f8a89a4d3688adfb
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-07-02 19:29:26 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-07-02 19:38:15 +0000

    net-fs/samba: Security bump to versions 4.11.11 and 4.12.4
    
    Bug: https://bugs.gentoo.org/730472
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest             |   2 +
 net-fs/samba/samba-4.11.11.ebuild | 318 ++++++++++++++++++++++++++++++++++++++
 net-fs/samba/samba-4.12.4.ebuild  | 316 +++++++++++++++++++++++++++++++++++++
 3 files changed, 636 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-02 22:20:10 UTC 
(In reply to Larry the Git Cow from comment #1)
> The bug has been referenced in the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=c4fe0c91aca3ab87754160d4f8a89a4d3688adfb
> 
> commit c4fe0c91aca3ab87754160d4f8a89a4d3688adfb
> Author:     Lars Wendler <polynomial-c@gentoo.org>
> AuthorDate: 2020-07-02 19:29:26 +0000
> Commit:     Lars Wendler <polynomial-c@gentoo.org>
> CommitDate: 2020-07-02 19:38:15 +0000
> 
>     net-fs/samba: Security bump to versions 4.11.11 and 4.12.4
>     
>     Bug: https://bugs.gentoo.org/730472
>     Package-Manager: Portage-2.3.103, Repoman-2.3.23
>     Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
> 
>  net-fs/samba/Manifest             |   2 +
>  net-fs/samba/samba-4.11.11.ebuild | 318
> ++++++++++++++++++++++++++++++++++++++
>  net-fs/samba/samba-4.12.4.ebuild  | 316
> +++++++++++++++++++++++++++++++++++++
>  3 files changed, 636 insertions(+)

Thanks! CCing arches.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-04 12:58:24 UTC 
arm64 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2020-07-05 08:58:34 UTC 
ppc64 stable
Comment 5 Rolf Eike Beer archtester 2020-07-06 16:49:18 UTC 
sparc stable
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-12 13:59:13 UTC 
arm stable
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-17 03:28:54 UTC 
ppc stable
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-18 00:30:18 UTC 
x86 stable
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-18 16:43:25 UTC 
amd64 stable. Please cleanup.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2020-07-26 23:55:14 UTC 
This issue was resolved and addressed in
 GLSA 202007-15 at https://security.gentoo.org/glsa/202007-15
by GLSA coordinator Sam James (sam_c).
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-27 01:15:53 UTC 
(In reply to GLSAMaker/CVETool Bot from comment #10)
> This issue was resolved and addressed in
>  GLSA 202007-15 at https://security.gentoo.org/glsa/202007-15
> by GLSA coordinator Sam James (sam_c).

Reopening for cleanup.
Comment 12 Larry the Git Cow gentoo-dev 2020-07-27 19:02:40 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4846a34e18629746a1b06a162b2b12e530d6dcfe

commit 4846a34e18629746a1b06a162b2b12e530d6dcfe
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-07-27 19:01:56 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-07-27 19:02:31 +0000

    sys-libs/ldb: Security cleanup
    
    Bug: https://bugs.gentoo.org/730472
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 sys-libs/ldb/Manifest          |   1 -
 sys-libs/ldb/ldb-2.0.10.ebuild | 108 -----------------------------------------
 2 files changed, 109 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=519b96d13806d2ced7b374ea263c51cfdcb9e03c

commit 519b96d13806d2ced7b374ea263c51cfdcb9e03c
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-07-27 18:58:29 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-07-27 19:02:31 +0000

    net-fs/samba: Security cleanup
    
    Bug: https://bugs.gentoo.org/730472
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest               |   3 -
 net-fs/samba/samba-4.11.8.ebuild    | 314 -----------------------------------
 net-fs/samba/samba-4.11.9-r1.ebuild | 318 ------------------------------------
 net-fs/samba/samba-4.12.3-r1.ebuild | 316 -----------------------------------
 4 files changed, 951 deletions(-)
Comment 13 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-27 19:05:21 UTC 
All done, thanks!