#VU57324 NULL pointer dereference in Samba


Published: 2021-10-13

Vulnerability identifier: #VU57324

Vulnerability risk: Medium

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3671

CWE-ID: CWE-476

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the way samba kerberos server handles missing sname attribute in TGS-REQ (Ticket Granting Server - Request). A remote authenticated user can send a specially crafted request to the samba server and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Samba: 4.14.0 - 4.14.7, 4.13.0 - 4.13.11

External links
http://bugzilla.samba.org/show_bug.cgi?id=14770
http://bugzilla.redhat.com/show_bug.cgi?id=2013080
http://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Debian update for heimdal
FreeBSD update for heimdal
Multiple vulnerabilities in Heimdal
Multiple vulnerabilities in cflinuxfs3
Ubuntu update for heimdal
Ubuntu update for samba
Ubuntu update for samba
Ubuntu update for samba
Ubuntu update for samba
Ubuntu update for samba