Vulnerability Description
A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | >= 4.0.0, < 4.11.15 |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1892636Issue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
- https://security.gentoo.org/glsa/202012-24Third Party Advisory
- https://www.samba.org/samba/security/CVE-2020-14383.htmlVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1892636Issue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
- https://security.gentoo.org/glsa/202012-24Third Party Advisory
- https://www.samba.org/samba/security/CVE-2020-14383.htmlVendor Advisory
FAQ
What is CVE-2020-14383?
CVE-2020-14383 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after...
How severe is CVE-2020-14383?
CVE-2020-14383 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14383?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Redhat Enterprise Linux.