Ubuntu update for samba



Published: 2021-12-13
Risk High
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2016-2124
CVE-2020-25717
CVE-2020-25722
CVE-2021-3671
CWE-ID CWE-284
CWE-264
CWE-476
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Ubuntu
Operating systems & Components / Operating system

samba (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU58098

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2124

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to SMB1 client connections can be downgraded to plaintext authentication. A remote attacker can perform a man-in-the-middle attack and downgrade a negotiated SMB1 client connection and its capabitilities.

Mitigation

Update the affected package samba to the latest version.

Vulnerable software versions

Ubuntu: 18.04

samba (Ubuntu package): before 2:4.7.6+dfsg~ubuntu-0ubuntu2.27

External links

http://ubuntu.com/security/notices/USN-5174-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU58097

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25717

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the Windows Active Directory (AD) domains have by default a feature to allow users to create computer accounts. A remote authenticated attacker can create such account with elevated privileges on the system.

Mitigation

Update the affected package samba to the latest version.

Vulnerable software versions

Ubuntu: 18.04

samba (Ubuntu package): before 2:4.7.6+dfsg~ubuntu-0ubuntu2.27

External links

http://ubuntu.com/security/notices/USN-5174-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU58093

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25722

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.

Mitigation

Update the affected package samba to the latest version.

Vulnerable software versions

Ubuntu: 18.04

samba (Ubuntu package): before 2:4.7.6+dfsg~ubuntu-0ubuntu2.27

External links

http://ubuntu.com/security/notices/USN-5174-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU57324

Risk: Medium

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3671

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the way samba kerberos server handles missing sname attribute in TGS-REQ (Ticket Granting Server - Request). A remote authenticated user can send a specially crafted request to the samba server and perform a denial of service (DoS) attack.

Mitigation

Update the affected package samba to the latest version.

Vulnerable software versions

Ubuntu: 18.04

samba (Ubuntu package): before 2:4.7.6+dfsg~ubuntu-0ubuntu2.27

External links

http://ubuntu.com/security/notices/USN-5174-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###