CVE-2020-14383
Last modified
CVE-2020-14383 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. EPSS estimates a 2.18% chance of exploitation in the next 30 days.
Description
A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | >= 4.0.0, < 4.11.15 |
| Samba | Samba | >= 4.12.0, < 4.12.9 |
| Samba | Samba | >= 4.13.0, < 4.13.1 |
| Redhat | Enterprise Linux | 8.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1892636Issue Tracking, Patch, Third Party Advisory
- https://security.gentoo.org/glsa/202012-24Third Party Advisory
- https://www.samba.org/samba/security/CVE-2020-14383.htmlVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1892636Issue Tracking, Patch, Third Party Advisory
- https://security.gentoo.org/glsa/202012-24Third Party Advisory
- https://www.samba.org/samba/security/CVE-2020-14383.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-14383?
How severe is CVE-2020-14383?
How do I fix CVE-2020-14383?
Are you affected by CVE-2020-14383?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST