Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-2476)

Búsqueda de Vulnerabilidad		Buscar 191973 Descripciones CVE y 86218 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.2.2020.2476

Categoría: Huawei EulerOS Local Security Checks

Título: Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-2476)

Resumen: The remote host is missing an update for the Huawei EulerOS; 'samba' package(s) announced via the EulerOS-SA-2020-2476 advisory.

Descripción: Summary:
The remote host is missing an update for the Huawei EulerOS
'samba' package(s) announced via the EulerOS-SA-2020-2476 advisory.

Vulnerability Insight:
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.(CVE-2020-10760)

A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.(CVE-2020-10745)

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.(CVE-2020-10730)

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.(CVE-2020-14303)

Affected Software/OS:
'samba' package(s) on Huawei EulerOS Virtualization 3.0.6.6.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-10730
Common Vulnerability Exposure (CVE) ID: CVE-2020-10745
Common Vulnerability Exposure (CVE) ID: CVE-2020-10760
Common Vulnerability Exposure (CVE) ID: CVE-2020-14303

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.2.2020.2476
Categoría:	Huawei EulerOS Local Security Checks
Título:	Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-2476)
Resumen:	The remote host is missing an update for the Huawei EulerOS; 'samba' package(s) announced via the EulerOS-SA-2020-2476 advisory.
Descripción:	Summary: The remote host is missing an update for the Huawei EulerOS 'samba' package(s) announced via the EulerOS-SA-2020-2476 advisory. Vulnerability Insight: A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.(CVE-2020-10760) A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.(CVE-2020-10745) A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.(CVE-2020-10730) A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.(CVE-2020-14303) Affected Software/OS: 'samba' package(s) on Huawei EulerOS Virtualization 3.0.6.6. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-10730 Common Vulnerability Exposure (CVE) ID: CVE-2020-10745 Common Vulnerability Exposure (CVE) ID: CVE-2020-10760 Common Vulnerability Exposure (CVE) ID: CVE-2020-14303
Copyright	Copyright (C) 2020 Greenbone Networks GmbH