Alibaba Cloud Linux 3 : 0077: samba (ALINUX3-SA-2021:0077)

critical Nessus Plugin ID 236653

Synopsis

The remote Alibaba Cloud Linux host is missing one or more security updates.

Description

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0077 advisory.

Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

CVE-2019-10197:
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVE-2019-10218:
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVE-2019-14907:
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange.
In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless.)

CVE-2019-3880:
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API.
An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

CVE-2020-14318:
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2020-14323:
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVE-2020-14383:
A flaw was found in samba's DNS server. An authenticated user could use this flaw to cause the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non-administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.

CVE-2020-1472:
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

CVE-2020-25717:
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

CVE-2021-20254:
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

CVE-2021-23192:
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20210077.xml

Plugin Details

Severity: Critical

ID: 236653

File Name: alinux3_sa_2021-0077.nasl

Version: 1.1

Type: local

Published: 5/14/2025

Updated: 5/14/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-1472

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2019-10197

Vulnerability Information

CPE: p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-samba-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libsmbclient, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-common-tools-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ctdb-tests-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-test, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-winbind-modules, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libwbclient-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-pidl, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-samba, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libsmbclient-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-krb5-printing, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-krb5-printing-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-libs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ctdb-tests, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-winbind-clients-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-client-libs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-winbind-clients, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-client-libs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libwbclient-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-vfs-glusterfs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-winbind, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-libs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-vfs-glusterfs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-common-tools, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-test-libs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-winexe, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libwbclient, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-winbind-krb5-locator-debuginfo, 
p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-test-libs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-client-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-debugsource, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-samba-test, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-winbind-krb5-locator, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-common-libs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-winexe-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-common-libs-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:libsmbclient-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-test-debuginfo, cpe:/o:alibabacloud:alibaba_cloud_linux_3, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-winbind-modules-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-client, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-winbind-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-samba-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ctdb, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:samba-common, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:ctdb-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Alibaba/release, Host/Alibaba/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/3/2021

Vulnerability Publication Date: 4/8/2019

CISA Known Exploited Vulnerability Due Dates: 9/21/2020

Reference Information

CVE: CVE-2019-10197, CVE-2019-10218, CVE-2019-14907, CVE-2019-3880, CVE-2020-14318, CVE-2020-14323, CVE-2020-14383, CVE-2020-1472, CVE-2020-25717, CVE-2021-20254, CVE-2021-23192