VID |
23325 |
Severity |
40 |
Port |
139 |
Protocol |
TCP |
Class |
Samba |
Detailed Description |
The version of Samba running on the remote host is 3.6.x prior to 4.12.5, 4.13.x prior to 4.13.8, or 4.14.x prior to 4.14.4. It is, therefore, potentially affected by an unauthorized file access flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The flaw can impact data confidentiality and integrity by allowing unauthorized access.
* References: https://www.samba.org/samba/security/CVE-2021-20254.html https://www.samba.org/samba/history/security.html
* Platforms Affected: Samba Project, Samba versions 4.14.x before 4.14.4 Linux Any version Unix Any version |
Recommendation |
Upgrade to the latest version of Samba 4.14.4 or later, available from the Samba Web site at https://www.samba.org/samba/download/ |
Related URL |
CVE-2021-20254 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|