Published: 03/12/2020 Updated: 01/01/2022

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318) A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14323) A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated malicious user to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administratorprivileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-1472)

Vulnerable Product	Search on Vulmon	Subscribe to Product
samba samba
redhat storage 3.0
redhat enterprise linux 7.0
redhat enterprise linux 8.0

Synopsis Moderate: samba security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for samba is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...

Debian Bug report logs - #973400 samba: CVE-2020-14318 Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 29 Oct 2020 21:09:01 UTC Severity: important Tags: security, upstream Found in ve ...

Debian Bug report logs - #973398 samba: CVE-2020-14383 Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 29 Oct 2020 21:06:01 UTC Severity: important Tags: security, upstream Found in ve ...

Debian Bug report logs - #973399 samba: CVE-2020-14323 Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 29 Oct 2020 21:06:05 UTC Severity: important Tags: security, upstream Found in ve ...

A flaw was found in the way samba handled file and directory permissions An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker (CVE-2020-14318) A null pointer dereference flaw was found in Samba's winbind service This flaw allows a local user to cra ...

A flaw was found in the way Samba handled file and directory permissions This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable The highest threat from this vulnerability is to confidentiality (CVE-2020-14318) A null pointer dereference flaw was found in Samba's winbi ...

CWE-266 https://bugzilla.redhat.com/show_bug.cgi?id=1892631 https://www.samba.org/samba/security/CVE-2020-14318.html https://security.gentoo.org/glsa/202012-24 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:5439 https://alas.aws.amazon.com/ALAS-2021-1469.html

CVE-2020-14318

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect