CVE-2021-3670

moderate-risk

Published 2022-08-23

MaxQueryDuration not honoured in Samba AD DC LDAP

Do I need to act?

3.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Samba

Storage

Fedora

Redhat Samba Fedoraproject

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2077533

Issue Tracking https://bugzilla.samba.org/show_bug.cgi?id=14694

Patch https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a92...

Patch https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce14...

Patch https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf081...

Patch https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d5...

Patch https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db4203...

Patch https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c...

Patch https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a7...

Third Party Advisory https://security.gentoo.org/glsa/202309-06