NVD Vulnerability Detail

CVE-2021-3670

Summary	MaxQueryDuration not honoured in Samba AD DC LDAP
Publication Date	Aug. 24, 2022, 1:15 a.m.
Registration Date	Aug. 24, 2022, 10 a.m.
Last Update	Nov. 21, 2024, 3:22 p.m.

CVSS3.1 : MEDIUM
スコア	6.5
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:samba:samba::::::::		4.1.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:redhat:storage:3.0:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*

Related information, measures and tools

No	URL	タグ
1	https://bugzilla.redhat.com/show_bug.cgi?id=2077533	Issue Tracking Patch Third Party Advisory
2	https://bugzilla.redhat.com/show_bug.cgi?id=2077533	Issue Tracking Patch Third Party Advisory
3	https://bugzilla.samba.org/show_bug.cgi?id=14694	Issue Tracking Patch Vendor Advisory
4	https://bugzilla.samba.org/show_bug.cgi?id=14694	Issue Tracking Patch Vendor Advisory
5	https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f	Patch Third Party Advisory
6	https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f	Patch Third Party Advisory
7	https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002	Patch Third Party Advisory
8	https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002	Patch Third Party Advisory
9	https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393	Patch Third Party Advisory
10	https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393	Patch Third Party Advisory
11	https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b	Patch Third Party Advisory
12	https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b	Patch Third Party Advisory
13	https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803	Patch Third Party Advisory
14	https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803	Patch Third Party Advisory
15	https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81	Patch Third Party Advisory
16	https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81	Patch Third Party Advisory
17	https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049	Patch Third Party Advisory
18	https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049	Patch Third Party Advisory
19	https://security.gentoo.org/glsa/202309-06
20	https://security.gentoo.org/glsa/202309-06

Common Vulnerabilities List

JVN Vulnerability Information

Samba Project の Samba 他複数ベンダの製品における脆弱性

Title	Samba Project の Samba 他複数ベンダの製品における脆弱性
Summary	Samba Project の Samba 他複数ベンダの製品には、不特定の脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	July 30, 2021, midnight
Registration Date	Sept. 28, 2023, 5:11 p.m.
Last Update	Sept. 28, 2023, 5:11 p.m.

Affected System

レッドハット

Red Hat Storage 3.0

Samba Project

Samba 4.1.0 以上

Fedora Project

Fedora 35

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-3670	https://www.cve.org/CVERecord?id=CVE-2021-3670
National Vulnerability Database (NVD)
2	CVE-2021-3670	https://nvd.nist.gov/vuln/detail/CVE-2021-3670

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

その他

No	Name	URL
関連文書
1	bugzilla.redhat.com (2077533)	https://bugzilla.redhat.com/show_bug.cgi?id=2077533
2	bugzilla.samba.org (14694)	https://bugzilla.samba.org/show_bug.cgi?id=14694
3	gitlab.com (1d5b155619bc532c46932965b215bd73a920e56f)	https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f
4	gitlab.com (2b3af3b560c9617a233c131376c870fce146c002)	https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002
5	gitlab.com (3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393)	https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393
6	gitlab.com (5f0590362c5c0c5ee20503a67467f9be2d50e73b)	https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b
7	gitlab.com (86fe9d48883f87c928bf31ccbd275db420386803)	https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803
8	gitlab.com (dcfcafdbf756e12d9077ad7920eea25478c29f81)	https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81
9	gitlab.com (e1ab0c43629686d1d2c0b0b2bcdc90057a792049)	https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049
10	security.gentoo.org (202309-06)	https://security.gentoo.org/glsa/202309-06

Change Log

No	Changed Details	Date of change
1	[2023年09月28日] 掲載	Sept. 28, 2023, 5:11 p.m.