ALAS2-2020-1544 --- sambaID: oval:org.secpod.oval:def:1700451 | Date: (C)2020-11-05 (M)2023-12-20 |
Class: PATCH | Family: unix |
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process to terminate