CVE-2021-3670
Summary
| CVE | CVE-2021-3670 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-23 16:15:00 UTC |
| Updated | 2023-09-17 09:15:00 UTC |
| Description | MaxQueryDuration not honoured in Samba AD DC LDAP |

Risk And Classification
Problem Types: NVD-CWE-noinfo
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2021-3670 dsdb/anr: Do a copy of the potentially anr query before starting to modify it (5f059036) · Commits · The Samba Team / Samba · GitLab | MISC | gitlab.com | |
| CVE-2021-3670 ldap_server: Set timeout on requests based on MaxQueryDuration (86fe9d48) · Commits · The Samba Team / Samba · GitLab | MISC | gitlab.com | |
| CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts (3507e96b) · Commits · The Samba Team / Samba · GitLab | MISC | gitlab.com | |
| CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter processing (1d5b1556) · Commits · The Samba Team / Samba · GitLab | MISC | gitlab.com | |
| CVE-2021-3670 ldap_server: Remove duplicate print of LDAP search details (2b3af3b5) · Commits · The Samba Team / Samba · GitLab | MISC | gitlab.com | |
| CVE-2021-3670 tests/krb5/test_ldap.py: Add test for LDAP timeouts (dcfcafdb) · Commits · The Samba Team / Samba · GitLab | MISC | gitlab.com | |
| Samba: Multiple Vulnerabilities (GLSA 202309-06) — Gentoo security | MISC | security.gentoo.org | |
| CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration is greater than zero (e1ab0c43) · Commits · The Samba Team / Samba · GitLab | MISC | gitlab.com | |
| 14694 – (CVE-2021-3670) CVE-2021-3670 [SECURITY] MaxQueryDuration not honoured in Samba AD DC LDAP | MISC | bugzilla.samba.org | |
| 2077533 – (CVE-2021-3670) CVE-2021-3670 samba: MaxQueryDuration not honoured in Samba AD DC LDAP | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180150 Debian Security Update for ldb (CVE-2021-3670)
- 198878 Ubuntu Security Notification for Samba Vulnerabilities (USN-5542-1)
- 502789 Alpine Linux Security Update for samba
- 505682 Alpine Linux Security Update for samba
- 671918 EulerOS Security Update for samba (EulerOS-SA-2022-2011)
- 671954 EulerOS Security Update for samba (EulerOS-SA-2022-1981)
- 672025 EulerOS Security Update for samba (EulerOS-SA-2022-2262)
- 672058 EulerOS Security Update for samba (EulerOS-SA-2022-2249)
- 672587 EulerOS Security Update for samba (EulerOS-SA-2023-1336)
- 710751 Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202309-06)
- 752114 SUSE Enterprise Linux Security Update for ldb (SUSE-SU-2022:1576-1)
- 752303 SUSE Enterprise Linux Security Update for ldb, samba (SUSE-SU-2022:2307-1)
- 903822 Common Base Linux Mariner (CBL-Mariner) Security Update for samba (10662)