A string in an LDAP attribute that contains multiple consecutive leading spaces can lead to a memmove() of out of bounds memory in ldb_handler_fold(). ldb_handler_fold() is used by case insensitive strings – that is most string attributes – in Active Directory. As the search expression is normalised prior to matching any potential objects this in turn may crash the LDAP server process handling the request.
It may be possible to leak the out of bounds memory by matching against it, but this is thought to be unlikely.
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Samba Security Announcements for CVE-2020-27840 and CVE-2021-20277 and apply the necessary updates and workarounds.
