FreeBSD: VID-1F6D97DA-8F72-11EB-B3F1-005056A311D1 (CVE-2021-20277): samba -- Multiple Vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Mar 24, 2021 | Mar 28, 2021 | Jun 3, 2021 |
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-1F6D97DA-8F72-11EB-B3F1-005056A311D1:
The Samba Team reports:
CVE-2020-27840: An anonymous attacker can crash the Samba AD DC
LDAP server by sending easily crafted DNs as
part of a bind request. More serious heap corruption
is likely also possible.
CVE-2021-20277: User-controlled LDAP filter strings against
the AD DC LDAP server may crash the LDAP server.
Solution(s)
- freebsd-upgrade-package-samba411
- freebsd-upgrade-package-samba412
- freebsd-upgrade-package-samba413
- freebsd-upgrade-package-samba414
