CVE-2020-10704
📋 TL;DR
This vulnerability allows an unauthenticated attacker to trigger a stack overflow in Samba when configured as an Active Directory Domain Controller LDAP server, causing a denial of service. The flaw affects Samba versions before 4.10.15, 4.11.8, and 4.12.2. Only Samba installations acting as AD DCs are vulnerable.
💻 Affected Systems
- Samba
📦 What is this software?
Fedora by Fedoraproject
Leap by Opensuse
Samba by Samba
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of the Samba AD Domain Controller, preventing authentication, file sharing, and directory services for all domain users.
Likely Case
Denial of service affecting the Samba AD DC service, requiring service restart or server reboot to restore functionality.
If Mitigated
No impact if Samba is not configured as an Active Directory Domain Controller or if proper network segmentation prevents unauthorized access.
🎯 Exploit Status
The vulnerability requires sending specially crafted LDAP requests to the Samba AD DC service. No authentication is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Samba 4.10.15, 4.11.8, or 4.12.2 and later
Vendor Advisory: https://www.samba.org/samba/security/CVE-2020-10704.html
Restart Required: Yes
Instructions:
1. Update Samba to version 4.10.15, 4.11.8, or 4.12.2 or later using your distribution's package manager.
2. Restart the Samba services (smbd, nmbd, samba-ad-dc).
3. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to the Samba AD DC LDAP ports (typically 389 and 636) to trusted networks only. In the rules below, trusted_network is a placeholder for the trusted source range in CIDR form; because -A appends, the rules only take effect if no earlier rule in the INPUT chain already accepts the traffic.
iptables -A INPUT -p tcp --dport 389 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 389 -j DROP
iptables -A INPUT -p tcp --dport 636 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 636 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit LDAP access to authorized clients only.
- Monitor Samba AD DC service for crashes and have incident response procedures ready for potential DoS events.
🔍 How to Verify
Check if Vulnerable:
Check whether Samba is configured as an AD DC and which version is installed. Run smbstatus -V for the version, and check smb.conf for 'server role = active directory domain controller'. Installations with any other server role are not exposed.
Check Version:
smbstatus -V
Verify Fix Applied:
After patching, confirm with smbstatus -V that the installed version is at or above the fixed release for its branch (4.10.15, 4.11.8 or 4.12.2) or on a later branch.
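The two verification steps above, combined into one POSIX shell script. This is an added example, not a script from the advisory or from the Samba project: the helper names (is_vulnerable_version, is_ad_dc_role, check_samba_host) are its own, and it reads the effective server role with testparm's --parameter-name option rather than grepping smb.conf by hand. The version comparison is done per branch, because "or later" in the advisory means at or above the fixed release of the branch the host is on; a version string that cannot be parsed is treated as vulnerable so that a broken check fails closed.

```shell
#!/bin/sh
# Added example, not from the advisory. Helper names are this script's own.
# It only reads the local configuration and version; nothing is sent to the
# LDAP service.

# Exit 0 (true) when a Samba version string is below the fixed release of its
# branch: 4.10.x needs 4.10.15, 4.11.x needs 4.11.8, 4.12.x needs 4.12.2.
# Branches older than 4.10 never received the fix; 4.13 and later ship with it.
# Accepts raw "smbstatus -V" output such as "Version 4.11.5-Debian".
is_vulnerable_version() {
    v=${1#"Version "}          # strip the "Version " prefix smbstatus prints
    v=${v%%[^0-9.]*}           # drop distro suffixes such as "-Debian"
    old_ifs=$IFS
    IFS=.
    set -- $v                  # split into major, minor, patch
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}   # unparsable -> 0.0.0 -> vulnerable

    [ "$maj" -lt 4 ] && return 0
    [ "$maj" -gt 4 ] && return 1
    case $min in
        10) [ "$pat" -lt 15 ] ;;
        11) [ "$pat" -lt 8 ] ;;
        12) [ "$pat" -lt 2 ] ;;
        *)  [ "$min" -lt 10 ] ;;            # 4.9 and older: vulnerable; 4.13+: fixed
    esac
}

# Exit 0 when the reported "server role" denotes an AD DC. smb.conf accepts the
# canonical "active directory domain controller" and the aliases
# "domain controller" and "dc"; testparm prints the canonical form.
is_ad_dc_role() {
    r=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/^ *//; s/ *$//')
    case $r in
        "active directory domain controller"|"domain controller"|dc) return 0 ;;
        *) return 1 ;;
    esac
}

# Run on the host itself: testparm reports the effective server role and
# smbstatus -V the version. Returns 0 when not exposed, 2 when vulnerable.
check_samba_host() {
    role=$(testparm -s --parameter-name='server role' 2>/dev/null)
    ver=$(smbstatus -V 2>/dev/null)
    if ! is_ad_dc_role "$role"; then
        echo "not an AD DC (server role = '$role'): not exposed to CVE-2020-10704"
        return 0
    fi
    if is_vulnerable_version "$ver"; then
        echo "VULNERABLE: AD DC running '$ver'; update to 4.10.15, 4.11.8 or 4.12.2 or later"
        return 2
    fi
    echo "OK: AD DC running '$ver' is at or above the fixed release"
    return 0
}

# Usage: sh check_cve_2020_10704.sh --check   (constructed file name)
if [ "${1:-}" = "--check" ]; then
    check_samba_host
fi
```

Running the script with --check on each DC and recording the exit status gives a fleet-wide answer that the bare version check does not: a host on 4.11.5 is flagged, a host on 4.11.8 is not, and a member server on an old version is reported as not exposed rather than as needing an emergency patch.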
📡 Detection & Monitoring
Log Indicators:
- Samba AD DC service crashes or abnormal termination in system logs
- High volume of LDAP requests from single sources in Samba logs
Network Indicators:
- Unusual LDAP traffic patterns to Samba AD DC ports
- Multiple connection attempts to LDAP ports from untrusted sources
SIEM Query:
(source="samba" AND (event="crash" OR event="segfault")) OR (protocol="LDAP" AND dest_port=389 AND src_ip NOT IN trusted_networks)
🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10704
- https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/
- https://security.gentoo.org/glsa/202007-15
- https://www.samba.org/samba/security/CVE-2020-10704.html