CVE-2021-20254

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

References

https://security.netapp.com/advisory/ntap-20210430-0001/

https://www.samba.org/samba/security/CVE-2021-20254.html

https://bugzilla.redhat.com/show_bug.cgi?id=1949442

https://lists.fedoraproject.org/archives/list/[email protected]/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/

https://security.gentoo.org/glsa/202105-22

https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html

Details

Source: MITRE

Published: 2021-05-05

Updated: 2021-06-24

Type: CWE-125

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 6.8

Severity: MEDIUM

CVSS v3

Base Score: 6.8

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 1.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (37 total)

IDNameProductFamilySeverity
155741RHEL 8 : samba (RHSA-2021:4866)NessusRed Hat Local Security Checks
medium
154870CentOS 8 : samba (CESA-2021:4058)NessusCentOS Local Security Checks
medium
154847RHEL 8 : samba (RHSA-2021:4058)NessusRed Hat Local Security Checks
medium
154844Oracle Linux 8 : samba (ELSA-2021-4058)NessusOracle Linux Local Security Checks
medium
154670RHEL 7 : samba (RHSA-2021:3988)NessusRed Hat Local Security Checks
medium
154613NewStart CGSL CORE 5.04 / MAIN 5.04 : samba Vulnerability (NS-SA-2021-0114)NessusNewStart CGSL Local Security Checks
medium
154383EulerOS 2.0 SP3 : samba (EulerOS-SA-2021-2615)NessusHuawei Local Security Checks
medium
153887RHEL 8 : samba (RHSA-2021:3724)NessusRed Hat Local Security Checks
medium
153886RHEL 7 : samba (RHSA-2021:3723)NessusRed Hat Local Security Checks
critical
153580SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2021:3187-1)NessusSuSE Local Security Checks
medium
153579openSUSE 15 Security Update : samba (openSUSE-SU-2021:3187-1)NessusSuSE Local Security Checks
medium
153277EulerOS 2.0 SP2 : samba (EulerOS-SA-2021-2446)NessusHuawei Local Security Checks
medium
153050EulerOS 2.0 SP5 : samba (EulerOS-SA-2021-2347)NessusHuawei Local Security Checks
medium
152402EulerOS 2.0 SP8 : samba (EulerOS-SA-2021-2315)NessusHuawei Local Security Checks
medium
152333EulerOS 2.0 SP9 : samba (EulerOS-SA-2021-2282)NessusHuawei Local Security Checks
medium
152330EulerOS 2.0 SP9 : samba (EulerOS-SA-2021-2256)NessusHuawei Local Security Checks
medium
151563EulerOS Virtualization 2.9.1 : samba (EulerOS-SA-2021-2179)NessusHuawei Local Security Checks
medium
151550EulerOS Virtualization 2.9.0 : samba (EulerOS-SA-2021-2200)NessusHuawei Local Security Checks
medium
151299EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2021-2079)NessusHuawei Local Security Checks
medium
151266Amazon Linux 2 : samba (ALAS-2021-1680)NessusAmazon Linux Local Security Checks
medium
150767CentOS 7 : samba (CESA-2021:2313)NessusCentOS Local Security Checks
medium
150655SUSE SLES11 Security Update : samba (SUSE-SU-2021:14709-1)NessusSuSE Local Security Checks
high
150478Scientific Linux Security Update : samba on SL7.x i686/x86_64 (2021:2313)NessusScientific Linux Local Security Checks
medium
150425Oracle Linux 7 : samba (ELSA-2021-2313)NessusOracle Linux Local Security Checks
medium
150378RHEL 7 : samba (RHSA-2021:2313)NessusRed Hat Local Security Checks
medium
150107Debian DLA-2668-1 : samba security updateNessusDebian Local Security Checks
medium
149562openSUSE Security Update : samba (openSUSE-2021-636)NessusSuSE Local Security Checks
high
149350Samba 3.6.x < 4.12.15 / 4.13.x < 4.13.8 / 4.14.x < 4.14.4 Unauthorized File AccessNessusMisc.
medium
149270SUSE SLES15 Security Update : samba (SUSE-SU-2021:1498-1)NessusSuSE Local Security Checks
high
149263SUSE SLES12 Security Update : samba (SUSE-SU-2021:1492-1)NessusSuSE Local Security Checks
high
149231FreeBSD : samba -- negative idmap cache entries vulnerability (6f33d38b-aa18-11eb-b3f1-005056a311d1)NessusFreeBSD Local Security Checks
medium
149195SUSE SLES12 Security Update : samba (SUSE-SU-2021:1439-1)NessusSuSE Local Security Checks
high
149185SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2021:1444-1)NessusSuSE Local Security Checks
high
149174SUSE SLES12 Security Update : samba (SUSE-SU-2021:1438-1)NessusSuSE Local Security Checks
high
149152SUSE SLES12 Security Update : samba (SUSE-SU-2021:1442-1)NessusSuSE Local Security Checks
high
149135SUSE SLES15 Security Update : samba (SUSE-SU-2021:1445-1)NessusSuSE Local Security Checks
high
149093Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : Samba vulnerability (USN-4930-1)NessusUbuntu Local Security Checks
medium