FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- Multiple Vulnerabilities

Affected packages
	samba411	<=	4.11.15
	samba412	<	4.12.14
	samba413	<	4.13.7
	samba414	<	4.14.2

Details

VuXML ID	1f6d97da-8f72-11eb-b3f1-005056a311d1
Discovery	2021-03-24
Entry	2021-03-28

The Samba Team reports:

CVE-2020-27840: An anonymous attacker can crash the Samba AD DC LDAP server by sending easily crafted DNs as part of a bind request. More serious heap corruption is likely also possible.

CVE-2021-20277: User-controlled LDAP filter strings against the AD DC LDAP server may crash the LDAP server.

[source]

References

CVE Name	CVE-2020-27840
CVE Name	CVE-2021-20277
URL	https://www.samba.org/samba/security/CVE-2020-27840.html
URL	https://www.samba.org/samba/security/CVE-2021-20277.html