CVE-2021-3670

Name
CVE-2021-3670
Description
MaxQueryDuration not honoured in Samba AD DC LDAP
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.samba.org/show_bug.cgi?id=14694
MISC https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049
MISC https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2077533
MISC https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803
MISC https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393
MISC https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f
MISC https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002
MISC https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.1.0 <= None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
samba 3.13-main 4.13.17-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
samba 3.14-main 4.14.14-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
samba 3.15-main 4.15.13-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
samba 3.18-main 4.18.5-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
samba 3.17-main 4.16.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
samba 3.16-main 4.15.13-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
samba edge-main 4.18.7-r0 Natanael Copa <ncopa@alpinelinux.org> fixed