cve-2020-14383
Vulnerability from cvelistv5
Published
2020-12-02 00:00
Modified
2024-08-15 15:47
Severity ?
Summary
A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
References
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1892636Issue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
secalert@redhat.comhttps://security.gentoo.org/glsa/202012-24Third Party Advisory
secalert@redhat.comhttps://www.samba.org/samba/security/CVE-2020-14383.htmlVendor Advisory
Impacted products
n/asamba
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892636"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2020-14383.html"
          },
          {
            "name": "GLSA-202012-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202012-24"
          },
          {
            "name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14383",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T15:10:17.178172Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T15:47:32.520Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "samba 4.11.15, samba 4.12.9, samba 4.13.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in samba\u0027s DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-391",
              "description": "CWE-391",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-22T16:05:57.710729",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892636"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2020-14383.html"
        },
        {
          "name": "GLSA-202012-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202012-24"
        },
        {
          "name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14383",
    "datePublished": "2020-12-02T00:00:00",
    "dateReserved": "2020-06-17T00:00:00",
    "dateUpdated": "2024-08-15T15:47:32.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-14383\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-12-02T01:15:12.170\",\"lastModified\":\"2024-04-22T16:15:11.937\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in samba\u0027s DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en el servidor DNS de samba.\u0026#xa0;Un usuario autenticado podr\u00eda usar este fallo para que el servidor RPC se bloquee.\u0026#xa0;Este servidor RPC, que tambi\u00e9n sirve protocolos distintos a dnsserver, ser\u00e1 reinciado despu\u00e9s de un breve retraso, pero es f\u00e1cil para un atacante no administrativo autenticado bloquearlo nuevamente tan pronto como regrese.\u0026#xa0;El servidor DNS de Samba seguir\u00e1 funcionando, pero muchos servicios RPC no\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-391\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.11.15\",\"matchCriteriaId\":\"4EE63D07-2640-412A-82B5-24C7B08E4182\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.12.0\",\"versionEndExcluding\":\"4.12.9\",\"matchCriteriaId\":\"163B1F95-F904-4C26-8E77-DEC708753D78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.13.0\",\"versionEndExcluding\":\"4.13.1\",\"matchCriteriaId\":\"240B16EE-E139-40D2-BCB5-2A635031EC19\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1892636\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202012-24\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.samba.org/samba/security/CVE-2020-14383.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.