Alpine: samba: security update to 4.14.12-r0

high Tenable Cloud Security Plugin ID 407073

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility
with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to
4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via
specially crafted extended file attributes. A remote attacker with write access to extended file
attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)

- A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to
retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
(CVE-2016-2124)

- A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use
this flaw to cause possible privilege escalation. (CVE-2020-25717)

- A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC
(read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)

- A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-
based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did
not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total
domain compromise. (CVE-2020-25719)

See Also

https://security.alpinelinux.org/vuln/CVE-2016-2124

https://security.alpinelinux.org/vuln/CVE-2020-25717

https://security.alpinelinux.org/vuln/CVE-2020-25718

https://security.alpinelinux.org/vuln/CVE-2020-25719

https://security.alpinelinux.org/vuln/CVE-2020-25721

https://security.alpinelinux.org/vuln/CVE-2020-25722

https://security.alpinelinux.org/vuln/CVE-2021-23192

https://security.alpinelinux.org/vuln/CVE-2021-3738

https://security.alpinelinux.org/vuln/CVE-2021-44142

Plugin Details

Severity: High

ID: 407073

Version: Revision 1.26

Type: Local

Published: 10/31/2023

Updated: 3/13/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: High

Score: 7.7

Percentile: 99.19

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-44142

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/9/2021

Reference Information

CVE: CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-23192, CVE-2021-3738, CVE-2021-44142

IAVA: 2021-A-0554, 2022-A-0054