CVE-2021-3670

NameCVE-2021-3670
DescriptionMaxQueryDuration not honoured in Samba AD DC LDAP
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ldb (PTS)stretch2:1.1.27-1+deb9u1vulnerable
stretch (security)2:1.1.27-1+deb9u2vulnerable
buster, buster (security)2:1.5.1+really1.4.6-3+deb10u1vulnerable
bullseye, bullseye (security)2:2.2.3-2~deb11u1fixed
samba (PTS)stretch2:4.5.16+dfsg-1+deb9u2vulnerable
stretch (security)2:4.5.16+dfsg-1+deb9u4vulnerable
buster, buster (security)2:4.9.5+dfsg-5+deb10u3vulnerable
bullseye, bullseye (security)2:4.13.13+dfsg-1~deb11u3vulnerable
bookworm, sid2:4.16.1+dfsg-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ldbsource(unstable)2:2.2.3-1
sambasource(unstable)2:4.16.0+dfsg-2

Notes

[buster] - ldb <no-dsa> (Minor issue)
[stretch] - ldb <no-dsa> (Minor issue)
[bullseye] - samba <no-dsa> (Minor issue)
[buster] - samba <ignored> (Minor issue; affects Samba as AD DC; cf DSA 5015-1)
https://bugzilla.redhat.com/show_bug.cgi?id=2077533
https://bugzilla.samba.org/show_bug.cgi?id=14694
https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81
https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803
https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049
ldb: https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f
https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002
https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b
https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393
Fixed in ldb 2.5.0, 2.4.2 and 2.3.3

Search for package or bug name: Reporting problems