FBI warning: These Samba flaws can be exploited to take control of a network

Network security course specialists have reported multiple vulnerabilities in Samba, the free implementation of the Microsoft Windows file sharing protocol for UNIX-like systems. The consequences of successful exploitation vary depending on the attack deployed.

According to a recently published report by the Federal Bureau of Investigation (FBI), an attack involving the active exploitation of these flaws could allow attackers to take control of the target network. Below are brief descriptions of reported vulnerabilities.

CVE-2020-14303: This is a zero-length UDP packet flaw in the Samba AD DC nbtd. The AD DC NBT server in Samba 4.0 will enter a CPU spin and will not process any more requests once it receives an empty UDP packet on port 137.

The AD DC client and server-side processing code for NBT name resolution will enter a tight loop if an empty UDP packet is received, network security course experts mention. All versions from Samba 4.0 are affected by this flaw.
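A detection check for the condition CVE-2020-14303 describes, added here as an example and not code from Samba or from the report: it parses raw IPv4 packets and flags UDP datagrams to port 137 whose UDP length field shows no payload. The function names and the sample packets are constructed for illustration.

```python
import struct

NBT_NS_PORT = 137   # NetBIOS name service port named in the description above
UDP_HEADER_LEN = 8  # a UDP length field of 8 means header only, no payload

def build_ipv4_udp(src, dst, sport, dport, payload=b""):
    """Construct a raw IPv4+UDP packet as test input (checksums left at 0)."""
    udp = struct.pack("!HHHH", sport, dport, UDP_HEADER_LEN + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + udp

def is_empty_nbt_datagram(packet):
    """Return True for an IPv4 UDP datagram to port 137 that carries no payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + UDP_HEADER_LEN:
        return False
    # Non-first fragments carry no UDP header, so they cannot be judged here.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    return dport == NBT_NS_PORT and udp_len == UDP_HEADER_LEN

def flag_sources(packets):
    """Map source IP -> number of empty datagrams it sent to port 137."""
    hits = {}
    for pkt in packets:
        if is_empty_nbt_datagram(pkt):
            src = ".".join(str(b) for b in pkt[12:16])
            hits[src] = hits.get(src, 0) + 1
    return hits

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    build_ipv4_udp("192.0.2.10", "198.51.100.5", 40000, 137, b"\x00" * 50),  # has payload
    build_ipv4_udp("192.0.2.66", "198.51.100.5", 40001, 137),               # empty, flagged
    build_ipv4_udp("192.0.2.66", "198.51.100.5", 40002, 137),               # empty, flagged
    build_ipv4_udp("192.0.2.10", "198.51.100.5", 40003, 53),                # empty, other port
]

if __name__ == "__main__":
    for src, n in flag_sources(SAMPLE).items():
        print(f"{src}: {n} zero-length UDP datagram(s) to port {NBT_NS_PORT}")
```

The same predicate can be applied to packets read from a capture taken in front of an AD DC; legitimate NBT name queries always carry a payload, so any hit is worth reviewing.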

CVE-2020-10730: NULL pointer dereference and use-after-free error in the Samba AD DC LDAP server with ASQ, VLV, and paged_results. Samba supports the VLV Active Directory LDAP feature, which allows clients to get 'virtual list views' of search results against a Samba AD DC using an LDAP control. The combination of this control and the ASQ control allows an authenticated user to trigger a NULL pointer dereference.

This flaw affects Samba versions 4.5.0 and later, network security course specialists mention.

CVE-2020-10745: Parsing and packing of NBT and DNS packets can over-consume CPU resources in the AD DC. The NetBIOS name resolution protocol over TCP/IP is framed in the same format as DNS. The Samba packing code for both uses DNS name compression.

Threat actors can choose a name that, when included in the response, causes the DNS name compression algorithm to traverse a very long internal list while trying to compress the response, triggering the flaw.

This vulnerability affects all versions of Samba from 4.0.0.

CVE-2020-10760: LDAP use-after-free error in the Samba AD DC Global Catalog with paged_results and VLV. Samba implements the VLV and paged_results controls using similar code.

When these controls are used by a client connecting to the Global Catalog server, these modules fail to correctly retain the control data along with the request, causing a use-after-free error, which the talloc library detects. The flaw resides in versions 4.5.0 and later.
