Vulnerability CVE-2021-20254

Vulnerability Name:

CVE-2021-20254 (CCN-201081)

Assigned:

2020-12-17

Published:

2021-04-29

Updated:

2021-06-24

Summary:

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

CVSS v3 Severity:

6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

6.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

6.8 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
5.9 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

6.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-125

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2021-20254

Source: CCN
Type: Red Hat Bugzilla - Bug 1949442
CVE-2021-20254 samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1949442

Source: XF
Type: UNKNOWN
samba-cve202120254-sec-bypass(201081)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-1d0807008b

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-7026246ea9

Source: GENTOO
Type: Third Party Advisory
GLSA-202105-22

Source: MISC
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210430-0001/

Source: CCN
Type: IBM Security Bulletin 6452621 (i)
Samba for IBM i is affected by CVE-2021-20254

Source: CCN
Type: IBM Security Bulletin 6500923 (Storwize V7000 Unified)
Multiple Samba vulnerability issues in IBM Storwize V7000 Unified

Source: CCN
Type: IBM Security Bulletin 6523766 (Spectrum Scale)
A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-20254)

Source: CCN
Type: IBM Security Bulletin 6596981 (Spectrum Protect Plus)
Vulnerabilities in Samba, OpenSSL, Python, and XStream affect IBM Spectrum Protect Plus (CVE-2021-20254, CVE-2021-3712, CVE-2021-43859, CVE-2022-0778, CVE-2020-25717, CVE-2021-23192, CVE-2021-3733)

Source: CCN
Type: Samba Web site
CVE-2021-20254.html

Source: MISC
Type: Vendor Advisory
https://www.samba.org/samba/security/CVE-2021-20254.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 3.6.0 and < 4.12.15)

OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.13.0 and < 4.13.8)

OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.14.0 and < 4.14.4)

Configuration 2:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:samba:samba:4.12.0:-:*:*:*:*:*:*

OR cpe:/a:samba:samba:4.13.0:-:*:*:*:*:*:*

OR cpe:/a:samba:samba:4.14.0:-:*:*:*:*:*:*

AND

cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:5.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:778	P	Security update for permissions (Moderate)	2022-09-23
oval:org.opensuse.security:def:3679	P	Security update for ImageMagick (Moderate)	2022-07-06
oval:org.opensuse.security:def:3071	P	libsamba-errors-devel-4.13.13+git.539.fdbc44a8598-3.20.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94507	P	bind-utils-9.16.20-150400.3.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3395	P	jetty-http-9.4.43-3.12.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3072	P	libsamba-policy-devel-4.15.5+git.328.f1f29505d84-150400.1.44 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95218	P	libwmf-0_2-7-0.2.12-150000.4.4.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94701	P	libsamba-errors-devel-4.13.13+git.539.fdbc44a8598-3.20.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95226	P	xorg-x11-server-wayland-1.20.3-150200.22.5.52.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94702	P	libsamba-policy-devel-4.15.5+git.328.f1f29505d84-150400.1.44 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:112125	P	ctdb-4.14.6+git.182.2205d5224e3-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:101939	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:101931	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2021-11-17
oval:org.opensuse.security:def:105662	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:com.redhat.rhsa:def:20214058	P	RHSA-2021:4058: samba security update (Moderate)	2021-11-02
oval:org.opensuse.security:def:111721	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:73890	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:64768	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:7679	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:76336	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:67268	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:8392	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:1573	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:6179	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:101509	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:1736	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:76548	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:68768	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:102294	P	Security update for samba (Important)	2021-09-22
oval:org.opensuse.security:def:101220	P	libsrtp-devel-1.6.0-2.19 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:99650	P	(Important)	2021-06-18
oval:org.opensuse.security:def:99958	P	(Important)	2021-06-10
oval:com.redhat.rhsa:def:20212313	P	RHSA-2021:2313: samba security and bug fix update (Moderate)	2021-06-08
oval:org.opensuse.security:def:23896	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:9701	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:67093	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:86081	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:59468	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:5678	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:32913	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:92107	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:99451	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:88424	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:19560	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:8946	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:84137	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:108605	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:57440	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:92899	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:31170	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:70392	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:98862	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:86553	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:59726	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:6004	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:33645	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:92302	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:69642	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:89123	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:84594	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:57912	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:93052	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:31617	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:91870	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:99057	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:10252	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:87377	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:33903	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:51557	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:92501	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:75835	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:69841	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:89381	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:23569	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:9502	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:66767	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:85634	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:8314	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:58736	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:93205	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:32089	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:91912	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:99252	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:88112	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:19512	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:8751	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:56993	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:96927	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:51884	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:92700	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:76161	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:98820	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:111353	P	Security update for samba (Important)	2021-04-30
oval:org.opensuse.security:def:38313	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:8355	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:83276	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:55893	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:102855	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:45307	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:30069	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:69453	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:96165	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:55179	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:26041	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:10067	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:40877	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:83277	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:56012	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:103015	P	Security update for ldb, samba (Important)	2021-04-29
oval:org.opensuse.security:def:96913	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:46188	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:30070	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:75827	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:19603	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:9313	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:66759	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:109311	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:8248	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:82563	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:55180	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:76522	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:29356	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:68742	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:41758	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:8568	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:60245	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:83396	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:107886	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:56013	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:96914	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:30189	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:109521	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:82564	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:5670	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:55892	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:102645	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:29357	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:73606	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:64484	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:83397	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:108597	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:7653	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:95932	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:34422	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:30190	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:70207	P	Security update for samba (Important)	2021-04-29

BACK