Vulnerability CVE-2021-20316

Vulnerability Name:

CVE-2021-20316 (CCN-234227)

Assigned:

2020-12-17

Published:

2022-01-10

Updated:

2022-08-26

Summary:

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

CVSS v3 Severity:

6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): High Availibility (A): None

5.9 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N)
5.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): High Availibility (A): None

CVSS v2 Severity:

5.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-362

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2021-20316

Source: MISC
Type: Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-20316

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2009673

Source: CCN
Type: The Samba-Bugzilla - Bug 14842
CVE-2021-20316 [SECURITY] Fileserver symlink metadata share escape

Source: MISC
Type: Issue Tracking, Vendor Advisory
https://bugzilla.samba.org/show_bug.cgi?id=14842

Source: XF
Type: UNKNOWN
samba-cve202120316-sec-bypass(234227)

Source: MISC
Type: Mitigation, Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2021-20316

Source: CCN
Type: Samba Web site
CVE-2021-20316.html

Source: MISC
Type: Vendor Advisory
https://www.samba.org/samba/security/CVE-2021-20316.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version < 4.15.0)

Configuration 2:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_tus:8.6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:samba:samba:4.14.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.redhat.rhsa:def:20222074	P	RHSA-2022:2074: samba security, bug fix, and enhancement update (Moderate)	2022-05-10
oval:org.opensuse.security:def:6156	P	Security update for samba (Critical)	2022-02-14
oval:org.opensuse.security:def:4303	P	Security update for samba (Critical)	2022-02-14
oval:org.opensuse.security:def:5339	P	Security update for samba (Critical)	2022-02-14
oval:org.opensuse.security:def:1757	P	Security update for samba (Critical)	2022-02-08
oval:org.opensuse.security:def:102146	P	Security update for samba (Critical)	2022-02-08
oval:org.opensuse.security:def:99206	P	(Critical)	2022-02-08
oval:org.opensuse.security:def:935	P	Security update for samba (Critical)	2022-02-08
oval:org.opensuse.security:def:100410	P	(Critical)	2022-02-08
oval:org.opensuse.security:def:42332	P	Security update for samba (Critical)	2022-02-08
oval:org.opensuse.security:def:102246	P	Security update for samba (Critical)	2022-02-08
oval:org.opensuse.security:def:99480	P	(Critical)	2022-02-08
oval:org.opensuse.security:def:1586	P	Security update for samba (Critical)	2022-02-08
oval:org.opensuse.security:def:100744	P	(Critical)	2022-02-08
oval:org.opensuse.security:def:102309	P	Security update for samba (Critical)	2022-02-08
oval:org.opensuse.security:def:99742	P	(Critical)	2022-02-08
oval:org.opensuse.security:def:1685	P	Security update for samba (Critical)	2022-02-08
oval:org.opensuse.security:def:101627	P	Security update for samba (Critical)	2022-02-08
oval:org.opensuse.security:def:100072	P	(Critical)	2022-02-08

BACK