FreeBSD: VID-1F6D97DA-8F72-11EB-B3F1-005056A311D1 (CVE-2021-20277): samba -- Multiple Vulnerabilities

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: Mar 24, 2021
Added: Mar 28, 2021
Modified: Jun 3, 2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-1F6D97DA-8F72-11EB-B3F1-005056A311D1:

The Samba Team reports:

CVE-2020-27840: An anonymous attacker can crash the Samba AD DC LDAP server by sending easily crafted DNs as part of a bind request. More serious heap corruption is likely also possible.

CVE-2021-20277: User-controlled LDAP filter strings against the AD DC LDAP server may crash the LDAP server.

Solution(s)

freebsd-upgrade-package-samba411
freebsd-upgrade-package-samba412
freebsd-upgrade-package-samba413
freebsd-upgrade-package-samba414