CVE-2021-44142 / CVE-2020-25717 / CVE-2020-25719: samba multiple CVEs
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| StarlingX | Fix Released | Medium | Joe Slater | |
Bug Description
CVE-2021-44142: samba: Out-of-bounds heap read/write vulnerability VFS module vfs_fruit allows code execution
CVE-2020-25717: samba: A user in an AD Domain could become root on domain members
CVE-2020-25719: samba: AD DC did not always rely on the SID and PAC in Kerberos tickets.
Score:

| cve_id | status | cvss2Score | av | ac | au | ai |
|---|---|---|---|---|---|---|
| CVE-2021-44142 | fixed | 9.0 | N | L | S | C |
| CVE-2020-25717 | fixed | 8.5 | N | L | S | N |
| CVE-2020-25719 | fixed | 9.0 | N | L | S | C |
Description:
CVE-2021-44142: The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
CVE-2020-25717: A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to escalate privileges.
CVE-2020-25719: A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
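A triage check an operator might run against the CVE-2021-44142 conditions described above (added example, not from this bug report or the Samba project): it compares a Samba version against the fixed releases named in the description and looks for the fruit module on a `vfs objects` line in smb.conf. The function names and the sample smb.conf are constructed here; distro packages (such as the CentOS builds this report points to) carry backported fixes under an older upstream version number, so the version test only applies to upstream numbering.

```shell
#!/bin/sh
# Fixed releases taken from the advisory text above: 4.13.17, 4.14.12, 4.15.5.

# ver_lt A B: returns 0 when dotted version A is numerically lower than B.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# samba_needs_44142_fix VERSION: 0 when VERSION is below the fixed release of its branch.
# Branches older than 4.13 are not listed in the advisory; they are reported as needing the fix.
samba_needs_44142_fix() {
    v=$1
    case "$v" in
        4.13.*) ver_lt "$v" 4.13.17 ;;
        4.14.*) ver_lt "$v" 4.14.12 ;;
        4.15.*) ver_lt "$v" 4.15.5 ;;
        *)      ver_lt "$v" 4.15.5 ;;   # newer branches ship fixed; older ones are flagged
    esac
}

# fruit_configured SMBCONF_TEXT: 0 when any "vfs objects" line loads the fruit module.
fruit_configured() {
    printf '%s\n' "$1" |
        grep -Ei '^[[:space:]]*vfs[[:space:]]*objects[[:space:]]*=.*([[:space:]]|=)fruit([[:space:]]|$)' >/dev/null
}

# assess VERSION SMBCONF_TEXT: prints a verdict; returns 0 only when both conditions hold.
assess() {
    if samba_needs_44142_fix "$1" && fruit_configured "$2"; then
        echo "exposed: samba $1 with vfs_fruit loaded; update to the fixed release or drop fruit from vfs objects"
        return 0
    fi
    echo "not exposed to CVE-2021-44142 on version/config grounds (samba $1)"
    return 1
}

# Constructed sample smb.conf, not from any real host.
SAMPLE_SMB_CONF='[global]
   workgroup = EXAMPLE
[share]
   path = /srv/share
   vfs objects = catia fruit streams_xattr
'

assess "${1:-4.13.16}" "$SAMPLE_SMB_CONF"
```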
References:
• https:/
• https:/
• https:/
• https:/
• https:/
• https:/
• https:/
• https:/
• https:/
Note: The 3 CVEs are fixed by CentOS per this announcement: https:/
Required Package Versions:
samba-client-
samba-common-
samba-common-
Packages:
samba
Found during February 2022 CVE Scan
Changed in starlingx: assignee: Yue Tao (wrytao) → Joe Slater (jslater0wind)
Screening: Marking as medium priority as this CVE meets the StarlingX fix criteria. Should be fixed in stx master and considered for cherry-pick to stx.6.0 if a maintenance release is planned.