CVE-2020-14383
MEDIUM
Samba 4.0.0-4.11.14 - Authenticated Denial of Service via DNS RPC Server
Title source: llm
Description
A flaw was found in Samba's DNS server. An authenticated user could use this flaw to cause the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non-administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
References (4)
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202012-24
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1892636
Vendor Advisory
https://www.samba.org/samba/security/CVE-2020-14383.html
Scores
CVSS v3
6.5
EPSS
0.0046
EPSS Percentile
64.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-391
Status
published
Products (2)
redhat/enterprise_linux
8.0
samba/samba
4.0.0 - 4.11.15
Published
Dec 02, 2020
Tracked Since
Feb 18, 2026