CVE-2021-20254

05.05.2021, 14:15

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Affected Products (NVD)

Vendor	Product	Version
samba	samba	3.6.0 ≤ 𝑥 < 4.12.15
samba	samba	4.13.0 ≤ 𝑥 < 4.13.8
samba	samba	4.14.0 ≤ 𝑥 < 4.14.4
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
debian	debian_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

samba

bookworm	2:4.17.12+dfsg-0+deb12u1 fixed
bookworm (security)	2:4.17.12+dfsg-0+deb12u1 fixed
bullseye	2:4.13.13+dfsg-1~deb11u6 fixed
bullseye (security)	2:4.13.13+dfsg-1~deb11u6 fixed
buster	no-dsa
sid	2:4.21.1+dfsg-2 fixed
trixie	2:4.21.1+dfsg-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

samba

bionic	Fixed 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 released
focal	Fixed 2:4.11.6+dfsg-0ubuntu1.8 released
groovy	Fixed 2:4.12.5+dfsg-3ubuntu4.3 released
hirsute	Fixed 2:4.13.3+dfsg-1ubuntu2.1 released
trusty	Fixed 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11 released
xenial	Fixed 2:4.3.11+dfsg-0ubuntu0.16.04.34 released

Red Hat Enterprise Linux Releases

Red Hat Product

Release

ctdb

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

ctdb-tests

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

libsmbclient

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

libsmbclient-devel

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

libwbclient

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

libwbclient-devel

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

python3-samba

RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

python3-samba-test

RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-client

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-client-libs

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-common

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-common-libs

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-common-tools

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-dc

RHEL 7

0:4.10.16-15.el7_9

fixed

samba-dc-libs

RHEL 7

0:4.10.16-15.el7_9

fixed

samba-devel

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-krb5-printing

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-libs

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-pidl

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-python

RHEL 7

0:4.10.16-15.el7_9

fixed

samba-python-test

RHEL 7

0:4.10.16-15.el7_9

fixed

samba-test

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-test-libs

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-vfs-glusterfs

RHEL 7

0:4.10.16-15.el7_9

fixed

samba-winbind

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-winbind-clients

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-winbind-krb5-locator

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-winbind-modules

RHEL 7	0:4.10.16-15.el7_9 fixed
RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.2 AUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 E4S	0:4.11.2-15.el8_2 fixed
RHEL 8.2 EUS	0:4.11.2-15.el8_2 fixed
RHEL 8.2 TUS	0:4.11.2-15.el8_2 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

samba-winexe

RHEL 8	0:4.13.3-5.el8_4 fixed
RHEL 8.4 AUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 E4S	0:4.13.3-5.el8_4 fixed
RHEL 8.4 EUS	0:4.13.3-5.el8_4 fixed
RHEL 8.4 TUS	0:4.13.3-5.el8_4 fixed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1949442

https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/

https://security.gentoo.org/glsa/202105-22

https://security.netapp.com/advisory/ntap-20210430-0001/

https://www.samba.org/samba/security/CVE-2021-20254.html

https://bugzilla.redhat.com/show_bug.cgi?id=1949442

https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/

https://security.gentoo.org/glsa/202105-22

https://security.netapp.com/advisory/ntap-20210430-0001/

https://www.samba.org/samba/security/CVE-2021-20254.html