SB2021050326 - Ubuntu update for samba




Published: May 3, 2021

Security Bulletin ID: SB2021050326
Severity: Medium
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 50%, Low: 50%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-14318)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the way the "ChangeNotify" concept for the SMB1/2/3 protocols is implemented in Samba. Because of a missing permissions check on a directory handle requesting ChangeNotify, a client holding a directory handle opened only for FILE_READ_ATTRIBUTES (minimal access rights) can obtain change notify replies from the server. These replies contain information that should not be available to directory handles opened for FILE_READ_ATTRIBUTES only. A local unprivileged user can abuse this missing permissions check to obtain information about file changes.


2) NULL pointer dereference (CVE-ID: CVE-2020-14323)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing requests in winbind in Samba. A remote user can send a specially crafted request to the winbind daemon, trigger a NULL pointer dereference error and crash it.


3) Memory corruption (CVE-ID: CVE-2020-14383)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing DNS records. A remote user with the ability to create MX or NS records with absent properties can cause the RPC service to dereference uninitialized memory, resulting in a denial of service attack against the RPC service.

4) Out-of-bounds read (CVE-ID: CVE-2021-20254)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when mapping Windows group identities (SIDs) into Unix group identities (gids), which results in negative idmap cache entries being added to the Samba server process token. An attacker who manages to trigger the vulnerability can crash the Samba server or potentially perform unauthorized actions on the system.


Remediation

Install the update from the vendor's website.