Samba's security team has released security updates to fix vulnerabilities in multiple versions of Samba. Threat actors can gain control over an affected system by exploiting these vulnerabilities.
Samba published the corresponding security advisories as CVE-2020-27840 and CVE-2021-20277.
CVE-2020-27840 affects all Samba versions after Samba 4.0. The vulnerability is caused mainly by heap corruption in DN directories. An attacker can crash Samba DC LDAP servers by sending crafted DNs as connection requests.
CVE-2021-20277 affects Samba 4.0 and all earlier versions of Samba. User-controlled LDAP filter strings sent to the LDAP server can crash it. This can also crash the LDAP server that is processing the request, because the search expression is normalized before any potential objects are matched.
The Cyberarts security team recommends checking for updates and keeping automatic update features turned on to avoid being affected by such vulnerabilities.
Source:
https://www.samba.org/samba/security/CVE-2021-20277.html
https://www.samba.org/samba/security/CVE-2020-27840.html