730472 – (CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303) <net-fs/samba-4.11.11: Multiple vulnerabilities (CVE-2020-{10730,10745,10760,14303})

Bug 730472 (CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303) - <net-fs/samba-4.11.11: Multiple vulnerabilities (CVE-2020-{10730,10745,10760,14303})

Summary: <net-fs/samba-4.11.11: Multiple vulnerabilities (CVE-2020-{10730,10745,10760,...

Status:	RESOLVED FIXED

Alias:	CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://lists.samba.org/archive/samba...
Whiteboard:	B3 [glsa+ cve]
Keywords:	CC-ARCHES

Depends on:
Blocks:	CVE-2020-10700, CVE-2020-10704
	Show dependency tree

Reported:	2020-07-02 17:49 UTC by John Helmert III
Modified:	2020-07-27 19:05 UTC (History)
CC List:	2 users (show)

See Also:
Package list:	net-fs/samba-4.11.11 amd64 arm ppc x86 sys-libs/ldb-2.0.12 amd64 arm ppc x86
Runtime testing required:	---

Flags:	nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2020-07-02 17:49:12 UTC

From URL:

o  CVE-2020-10730:
   A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
   de-reference and further combinations with the LDAP paged_results feature can
   give a use-after-free in Samba's AD DC LDAP server.

o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
   excessive CPU.

o  CVE-2020-10760:
   The use of the paged_results or VLV controls against the Global Catalog LDAP
   server on the AD DC will cause a use-after-free.

o  CVE-2020-14303:
   The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
   further requests once it receives an empty (zero-length) UDP packet to
   port 137.


Looks like we need a bump to 4.12.4 and a bump to 4.11.11.

Comment 1 Larry the Git Cow gentoo-dev

2020-07-02 19:38:20 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4fe0c91aca3ab87754160d4f8a89a4d3688adfb

commit c4fe0c91aca3ab87754160d4f8a89a4d3688adfb
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-07-02 19:29:26 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-07-02 19:38:15 +0000

    net-fs/samba: Security bump to versions 4.11.11 and 4.12.4
    
    Bug: https://bugs.gentoo.org/730472
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest             |   2 +
 net-fs/samba/samba-4.11.11.ebuild | 318 ++++++++++++++++++++++++++++++++++++++
 net-fs/samba/samba-4.12.4.ebuild  | 316 +++++++++++++++++++++++++++++++++++++
 3 files changed, 636 insertions(+)

Comment 2 John Helmert III archtester

2020-07-02 22:20:10 UTC

(In reply to Larry the Git Cow from comment #1)
> The bug has been referenced in the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=c4fe0c91aca3ab87754160d4f8a89a4d3688adfb
> 
> commit c4fe0c91aca3ab87754160d4f8a89a4d3688adfb
> Author:     Lars Wendler <polynomial-c@gentoo.org>
> AuthorDate: 2020-07-02 19:29:26 +0000
> Commit:     Lars Wendler <polynomial-c@gentoo.org>
> CommitDate: 2020-07-02 19:38:15 +0000
> 
>     net-fs/samba: Security bump to versions 4.11.11 and 4.12.4
>     
>     Bug: https://bugs.gentoo.org/730472
>     Package-Manager: Portage-2.3.103, Repoman-2.3.23
>     Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
> 
>  net-fs/samba/Manifest             |   2 +
>  net-fs/samba/samba-4.11.11.ebuild | 318
> ++++++++++++++++++++++++++++++++++++++
>  net-fs/samba/samba-4.12.4.ebuild  | 316
> +++++++++++++++++++++++++++++++++++++
>  3 files changed, 636 insertions(+)

Thanks! CCing arches.

Comment 3 Sam James archtester

2020-07-04 12:58:24 UTC

arm64 stable

Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev

2020-07-05 08:58:34 UTC

ppc64 stable

Comment 5 Rolf Eike Beer archtester

2020-07-06 16:49:18 UTC

sparc stable

Comment 6 Sam James archtester

2020-07-12 13:59:13 UTC

arm stable

Comment 7 Sam James archtester

2020-07-17 03:28:54 UTC

ppc stable

Comment 8 Sam James archtester

2020-07-18 00:30:18 UTC

x86 stable

Comment 9 Sam James archtester

2020-07-18 16:43:25 UTC

amd64 stable. Please cleanup.

Comment 10 GLSAMaker/CVETool Bot gentoo-dev

2020-07-26 23:55:14 UTC

This issue was resolved and addressed in
 GLSA 202007-15 at https://security.gentoo.org/glsa/202007-15
by GLSA coordinator Sam James (sam_c).

Comment 11 Sam James archtester

2020-07-27 01:15:53 UTC

(In reply to GLSAMaker/CVETool Bot from comment #10)
> This issue was resolved and addressed in
>  GLSA 202007-15 at https://security.gentoo.org/glsa/202007-15
> by GLSA coordinator Sam James (sam_c).

Reopening for cleanup.

Comment 12 Larry the Git Cow gentoo-dev

2020-07-27 19:02:40 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4846a34e18629746a1b06a162b2b12e530d6dcfe

commit 4846a34e18629746a1b06a162b2b12e530d6dcfe
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-07-27 19:01:56 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-07-27 19:02:31 +0000

    sys-libs/ldb: Security cleanup
    
    Bug: https://bugs.gentoo.org/730472
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 sys-libs/ldb/Manifest          |   1 -
 sys-libs/ldb/ldb-2.0.10.ebuild | 108 -----------------------------------------
 2 files changed, 109 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=519b96d13806d2ced7b374ea263c51cfdcb9e03c

commit 519b96d13806d2ced7b374ea263c51cfdcb9e03c
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-07-27 18:58:29 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-07-27 19:02:31 +0000

    net-fs/samba: Security cleanup
    
    Bug: https://bugs.gentoo.org/730472
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest               |   3 -
 net-fs/samba/samba-4.11.8.ebuild    | 314 -----------------------------------
 net-fs/samba/samba-4.11.9-r1.ebuild | 318 ------------------------------------
 net-fs/samba/samba-4.12.3-r1.ebuild | 316 -----------------------------------
 4 files changed, 951 deletions(-)

Comment 13 Sam James archtester

2020-07-27 19:05:21 UTC

All done, thanks!