CVE-2020-10745
📋 TL;DR
This vulnerability allows remote attackers to cause denial of service through excessive CPU consumption by exploiting a flaw in Samba's NetBIOS over TCP/IP processing. All Samba servers before versions 4.10.17, 4.11.11, and 4.12.4 are affected. The primary impact is system availability degradation.
💻 Affected Systems
- Samba
📦 What is this software?
Fedora by Fedoraproject
Leap by Opensuse
Samba by Samba
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to CPU exhaustion, potentially affecting all Samba services including file sharing, authentication, and domain services.
Likely Case
Degraded performance and intermittent service disruptions affecting Samba-dependent applications and users.
If Mitigated
Minimal impact with proper network segmentation and monitoring in place to detect and block attack attempts.
🎯 Exploit Status
No public exploit is listed on this page. The flaw sits in unauthenticated NetBIOS protocol parsing, so any host that can send NetBIOS packets to the server's ports can attempt it; no credentials or user interaction are needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.10.17, 4.11.11, or 4.12.4 and later
Vendor Advisory: https://www.samba.org/samba/security/CVE-2020-10745.html
Distribution Tracking: https://bugzilla.redhat.com/show_bug.cgi?id=1849491
Restart Required: Yes
Instructions:
1. Check the installed Samba version (smbd --version).
2. Update with your distribution's package manager (apt, dnf/yum, zypper). Distributions often backport the fix without raising the upstream version number, so if the version stays below the fixed release, check the package changelog for CVE-2020-10745 before treating the host as unpatched.
3. Restart the Samba services (smbd and nmbd; the units are named smb and nmb on Red Hat-based systems).
4. Verify the update was successful and that clients can still connect.
🔧 Temporary Workarounds
Disable NetBIOS over TCP/IP
Disable the vulnerable protocol component if it is not required. This turns off NetBIOS name service and port 139, so clients that still rely on NetBIOS name resolution or browsing will no longer find the server; only use it where clients reach the server by DNS over port 445.
Edit /etc/samba/smb.conf and add to the [global] section: disable netbios = yes
Validate the configuration: testparm -s
Restart smbd and stop nmbd, which has nothing left to serve: systemctl restart smbd && systemctl disable --now nmbd (smb and nmb on Red Hat-based systems)
Network segmentation
Restrict access to the NetBIOS ports (UDP 137-138, TCP 139) to trusted networks rather than dropping them outright, which would also cut off legitimate clients. The rules below accept traffic from a placeholder trusted subnet (192.0.2.0/24, replace with your own) and drop everything else. Port 445 carries SMB without NetBIOS; the page's original rule set dropped it as well, which stops every modern SMB client, so it is restricted by source here instead. Appended rules are only reached if no earlier rule in INPUT matches, so check iptables -S INPUT afterwards, and persist the rules with your distribution's mechanism since iptables -A does not survive a reboot.
iptables -A INPUT -p udp -s 192.0.2.0/24 --dport 137:138 -j ACCEPT
iptables -A INPUT -p tcp -s 192.0.2.0/24 --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -s 192.0.2.0/24 --dport 445 -j ACCEPT
iptables -A INPUT -p udp --dport 137:139 -j DROP
iptables -A INPUT -p tcp --dport 137:139 -j DROP
iptables -A INPUT -p tcp --dport 445 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit Samba exposure
- Deploy rate limiting or intrusion prevention systems to detect and block DoS attempts
🔍 How to Verify
Check if Vulnerable:
smbd --version | grep -o 'Version [0-9.]\+'
A version below 4.10.17 (4.10 branch), 4.11.11 (4.11 branch) or 4.12.4 (4.12 branch) is vulnerable unless the distribution has backported the fix; in that case the package changelog names CVE-2020-10745 (for example rpm -q --changelog samba | grep CVE-2020-10745).
Verify Fix Applied:
Confirm the version is 4.10.17+, 4.11.11+, or 4.12.4+ (or the changelog lists the backport), and test that Samba still serves clients after the restart, e.g. smbclient -L localhost -N.
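The version check above is easy to get wrong by hand because the fixed patch level differs per branch. The script below is an added example, not part of this page or of the Samba project: it classifies a `smbd --version` string against the three fixed releases the page lists. It reports distribution packages that backport the fix under an older version number as vulnerable, so combine it with the changelog check for those.

```sh
#!/bin/sh
# Added example (not from the page or from Samba): classify a "smbd --version"
# string against the CVE-2020-10745 fixed releases 4.10.17, 4.11.11 and 4.12.4.
# Distribution backports keep an older version number and will show as
# "vulnerable" here; check the package changelog for CVE-2020-10745 on those.

# samba_cve_2020_10745_status "Version 4.12.3-Ubuntu"
# Prints one of: fixed, vulnerable, unknown (no x.y.z version in the input).
samba_cve_2020_10745_status() {
    ver=$(printf '%s\n' "$1" | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    # split x.y.z with parameter expansion so this stays POSIX sh
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    status=vulnerable                      # "all versions before 4.10.17"
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 13 ]; }; then
        status=fixed                       # branches released after the fix
    elif [ "$major" -eq 4 ]; then
        case "$minor" in
            10) [ "$patch" -ge 17 ] && status=fixed ;;
            11) [ "$patch" -ge 11 ] && status=fixed ;;
            12) [ "$patch" -ge 4 ] && status=fixed ;;
        esac
    fi
    echo "$status"
}

# When run on a host with Samba installed, classify the local binary.
if command -v smbd >/dev/null 2>&1; then
    installed=$(smbd --version)
    echo "$installed -> $(samba_cve_2020_10745_status "$installed")"
fi
```

Feed it any string containing an x.y.z version; the distribution suffix (for example "-Debian" or "-Ubuntu") is ignored. The local-binary check at the end is skipped when smbd is not on the PATH, so the function can also be sourced on a central host and run against version strings collected from inventory.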
📡 Detection & Monitoring
Host Indicators:
- Sustained high CPU usage by smbd or nmbd without a matching rise in client load
- Unusual NetBIOS traffic patterns in packet captures or flow records
- Connection spikes to ports 137-139 or 445
Network Indicators:
- Abnormal NetBIOS packet rates to UDP 137/138 or TCP 139
- Sustained connections or packet streams to Samba ports from single sources
SIEM Query:
Samba's own logs do not contain phrases such as "high cpu" or "netbios flood", so a query like source="samba.log" AND ("high cpu" OR "netbios flood") matches nothing. Alert instead on host process metrics (for example process name in smbd, nmbd with CPU above 90% for several minutes) joined with per-source NetBIOS packet counts from flow or capture data; the exact query syntax depends on your SIEM.
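As an added example of the network-side detection described above (this is not code from the page or from Samba), the following shell function counts NBT packets per source address in tcpdump text output and reports sources above a threshold. It assumes tcpdump's default `-n` line format, where UDP/137 traffic is decoded as "NBT UDP PACKET(137)"; the sample lines are constructed, not captured traffic.

```sh
#!/bin/sh
# Added example (not from the page or from Samba): report sources sending an
# unusual number of NBT packets to UDP/137, from tcpdump text output.
# Assumed input format (default "tcpdump -n", one packet per line):
#   <timestamp> IP <src-ip>.<sport> > <dst-ip>.137: NBT UDP PACKET(137): ...
# Live use: tcpdump -n -l -i eth0 udp port 137 | nbt_flood_sources 200

# nbt_flood_sources THRESHOLD   (reads tcpdump lines on stdin)
# Prints "<packets> <src-ip>" for each source above THRESHOLD, busiest first.
nbt_flood_sources() {
    thr="${1:-100}"
    awk -v thr="$thr" '
        /NBT UDP PACKET\(137\)/ {
            # the source address is the field right after "IP"; drop its port
            src = ""
            for (i = 1; i < NF; i++) {
                if ($i == "IP") { src = $(i + 1); break }
            }
            if (src == "") next
            sub(/\.[0-9]+$/, "", src)
            count[src]++
        }
        END {
            for (s in count)
                if (count[s] + 0 > thr + 0) printf "%d %s\n", count[s], s
        }' | sort -rn
}

# Constructed sample (not real traffic): 10.0.0.5 sends five NBT queries,
# 10.0.0.7 sends one, and an unrelated SMB/445 line must be ignored.
sample_nbt_lines() {
    i=0
    while [ "$i" -lt 5 ]; do
        echo "12:00:0$i.000000 IP 10.0.0.5.4123$i > 10.0.0.10.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST"
        i=$((i + 1))
    done
    echo "12:00:05.000000 IP 10.0.0.7.42000 > 10.0.0.10.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST"
    echo "12:00:06.000000 IP 10.0.0.8.50000 > 10.0.0.10.445: Flags [S], seq 1, win 64240, length 0"
}

sample_nbt_lines | nbt_flood_sources 3    # prints: 5 10.0.0.5
```

Packet counting only catches volumetric abuse. The indicator the page gives for this flaw is CPU consumption in Samba's parsing, so pair this with CPU monitoring of smbd and nmbd, and tune the threshold against a baseline of normal NetBIOS chatter on your segment (broadcast name queries alone can be frequent on a busy LAN).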
🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1849491
- https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/
- https://security.gentoo.org/glsa/202007-15
- https://www.samba.org/samba/security/CVE-2020-10745.html