CVE-2021-3670 — MEDIUM (6.5)

Q: What is CVE-2021-3670?

CVE-2021-3670 is a vulnerability with a CVSS score of 6.5 (MEDIUM). MaxQueryDuration not honoured in Samba AD DC LDAP

Q: How severe is CVE-2021-3670?

CVE-2021-3670 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3670?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Redhat Storage, Fedoraproject Fedora.

Vulnerability Description

MaxQueryDuration not honoured in Samba AD DC LDAP

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Samba	Samba	>= 4.1.0, < 4.16.0
Redhat	Storage	3.0
Fedoraproject	Fedora	35

Related Weaknesses (CWE)

CWE-400

References

https://bugzilla.redhat.com/show_bug.cgi?id=2077533Issue TrackingPatchThird Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=14694Issue TrackingPatchVendor Advisory
https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a92PatchThird Party Advisory
https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce14PatchThird Party Advisory
https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf081PatchThird Party Advisory
https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d5PatchThird Party Advisory
https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db4203PatchThird Party Advisory
https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478cPatchThird Party Advisory
https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a7PatchThird Party Advisory
https://security.gentoo.org/glsa/202309-06Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2077533Issue TrackingPatchThird Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=14694Issue TrackingPatchVendor Advisory
https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a92PatchThird Party Advisory
https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce14PatchThird Party Advisory
https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf081PatchThird Party Advisory

FAQ

What is CVE-2021-3670?

CVE-2021-3670 is a vulnerability with a CVSS score of 6.5 (MEDIUM). MaxQueryDuration not honoured in Samba AD DC LDAP

How severe is CVE-2021-3670?

CVE-2021-3670 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3670?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Redhat Storage, Fedoraproject Fedora.