Corrective releases of the Samba package 4.14.2, 4.13.7 and 4.12.14 have been prepared, in which two vulnerabilities are fixed:
- CVE-2020-27840 is a buffer overflow that occurs when processing specially styled DN (Distinguished Name) names. An anonymous attacker can crash a Samba-based AD DC LDAP server by sending a specially crafted bind request. Since during the attack it is possible to control the rewriting area, more serious consequences cannot be ruled out, such as executing your code on the server, but there is no working exploit yet. Since the DN string parsing code that leads to the vulnerability is executed at the stage before checking the authentication parameters, the problem can be exploited by an attacker who does not have an account on the server.
- CVE-2021-20277 An out-of-bounds buffer read occurs when the AD DC LDAP server processes a specially crafted user-defined filter. The problem may cause the server handler to crash or leak content from process memory.
Source: opennet.ru