| commit | 980831bb97c0caca95cf1d24d475f829f3c0a1d1 | |
| author | Andrew Bartlett <abartlet@samba.org> | |
| Wed, 11 Mar 2020 03:43:31 +0000 (11 16:43 +1300) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Tue, 21 Apr 2020 11:20:31 +0000 (21 13:20 +0200) | ||
| tree | 302712b441dfbd3cf8db07388de18cab9211a26a | treesnapshot (tar.gz zip) |
| parent | 24e621b4dde15a26f4fbf1a2e2bc7ecdb77d26a4 | commitdiff |
CVE-2020-10700: dsdb: Do not permit the ASQ control for the GUID search in paged_results
ASQ is a very strange control and a BASE search can return multiple results
that are NOT the requested DN, but the DNs pointed to by it!
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
ASQ is a very strange control and a BASE search can return multiple results
that are NOT the requested DN, but the DNs pointed to by it!
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
| selftest/knownfail.d/asq | [deleted file] | blobblamehistory |
| source4/dsdb/samdb/ldb_modules/paged_results.c | diffblobblamehistory |