Seems like there is a more localized page available for your location.
Store

Résumé du panier ()

Total (undefined articles)TVA incluse undefined%. Les frais de port seront calculés lors du paiement.

Continuer mes achats

Série Bee de Synology
Produits de A à Z
Store

Synology-SA-20:09 Samba AD DC

Publish Time: UTC+8

Last Updated: UTC+8

Severity
Important
Status
Resolved

Abstract

CVE-2020-10704 allows to conduct denial-of-service attacks via a susceptible version of Synology Directory Server.

None of Synology products are affected by CVE-2020-10700 as this vulnerability only affect Samba 4.10.0 and later.

Affected Products

Product Severity Fixed Release Availability
Synology Directory Server Important Upgrade DSM to 6.2.4-25513 or above.

Mitigation

None

Detail

  • CVE-2020-10704

    • Severity: Important
    • CVSS3 Base Score: 7.5
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    • A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

  • CVE-2020-10700

    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Reference

Revision

Revision Date Description
1 2020-04-29 Initial public release.
2 2021-02-23 Update for Synology Directory Server is now available in Affected Products.
3 2021-04-12 Disclosed vulnerability details.