Vulnerability Name:

CVE-2021-20251 (CCN-249277)

Assigned:2020-12-17
Published:2021-01-08
Updated:2021-01-08
Summary:Samba could allow a remote attacker to obtain sensitive information, caused by a race condition in the password lockout code. By utilize brute force attack techniques, an attacker could exploit this vulnerability to obtain password information, and use this information to launch further attacks against the affected system.
CVSS v3 Severity:5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
CVSS v2 Severity:7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2021-20251

Source: CCN
Type: The Samba-Bugzilla – Bug 14611
CVE-2021-20251 [SECURITY] Bad password count not incremented atomically

Source: XF
Type: UNKNOWN
samba-cve202120251-info-disc(249277)

Source: CCN
Type: Samba GIT Repository
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMRAES password change

Source: CCN
Type: Mend Vulnerability Database
CVE-2021-20251

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:samba:samba:4.1.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2021-20251 (CCN-249361)

    Assigned:2020-12-17
    Published:2021-02-17
    Updated:2023-03-31
    Summary:
    CVSS v3 Severity:5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
    5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
    5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    CVSS v2 Severity:5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): High
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): None
    Availibility (A): None
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2021-20251

    Source: CCN
    Type: Red Hat Bugzilla – Bug 1929800
    CVE-2021-20251 samba: Race condition in the bad password lockout code

    Source: CCN
    Type: The Samba-Bugzilla – Bug 14611
    CVE-2021-20251 [SECURITY] Bad password count not incremented atomically

    Source: XF
    Type: UNKNOWN
    samba-cve202120251-brute-force(249361)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:samba:samba:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:4.12.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7662
    P
    		libsamba-policy-devel-4.17.7+git.330.4057cd7a27a-150500.1.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:51987
    P
    		Security update for samba (Important)
    2023-01-26
    BACK
    samba samba 4.1.7
    samba samba 4.1.0
    samba samba 4.12.2