9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
8.3 High
AI Score
Confidence
Low
0.467 Medium
EPSS
Percentile
97.5%
Issue Overview:
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)
A null pointer dereference flaw was found in Samba’s winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14323)
A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator
privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-1472)
Affected Packages:
samba
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update samba to update your system.
New Packages:
aarch64:
samba-4.10.16-9.amzn2.0.1.aarch64
samba-client-4.10.16-9.amzn2.0.1.aarch64
samba-client-libs-4.10.16-9.amzn2.0.1.aarch64
samba-common-libs-4.10.16-9.amzn2.0.1.aarch64
samba-common-tools-4.10.16-9.amzn2.0.1.aarch64
samba-dc-4.10.16-9.amzn2.0.1.aarch64
samba-dc-libs-4.10.16-9.amzn2.0.1.aarch64
samba-devel-4.10.16-9.amzn2.0.1.aarch64
samba-krb5-printing-4.10.16-9.amzn2.0.1.aarch64
samba-libs-4.10.16-9.amzn2.0.1.aarch64
libsmbclient-4.10.16-9.amzn2.0.1.aarch64
libsmbclient-devel-4.10.16-9.amzn2.0.1.aarch64
libwbclient-4.10.16-9.amzn2.0.1.aarch64
libwbclient-devel-4.10.16-9.amzn2.0.1.aarch64
samba-python-4.10.16-9.amzn2.0.1.aarch64
samba-python-test-4.10.16-9.amzn2.0.1.aarch64
samba-test-4.10.16-9.amzn2.0.1.aarch64
samba-test-libs-4.10.16-9.amzn2.0.1.aarch64
samba-winbind-4.10.16-9.amzn2.0.1.aarch64
samba-winbind-clients-4.10.16-9.amzn2.0.1.aarch64
samba-winbind-krb5-locator-4.10.16-9.amzn2.0.1.aarch64
samba-winbind-modules-4.10.16-9.amzn2.0.1.aarch64
ctdb-4.10.16-9.amzn2.0.1.aarch64
ctdb-tests-4.10.16-9.amzn2.0.1.aarch64
samba-debuginfo-4.10.16-9.amzn2.0.1.aarch64
i686:
samba-4.10.16-9.amzn2.0.1.i686
samba-client-4.10.16-9.amzn2.0.1.i686
samba-client-libs-4.10.16-9.amzn2.0.1.i686
samba-common-libs-4.10.16-9.amzn2.0.1.i686
samba-common-tools-4.10.16-9.amzn2.0.1.i686
samba-dc-4.10.16-9.amzn2.0.1.i686
samba-dc-libs-4.10.16-9.amzn2.0.1.i686
samba-devel-4.10.16-9.amzn2.0.1.i686
samba-krb5-printing-4.10.16-9.amzn2.0.1.i686
samba-libs-4.10.16-9.amzn2.0.1.i686
libsmbclient-4.10.16-9.amzn2.0.1.i686
libsmbclient-devel-4.10.16-9.amzn2.0.1.i686
libwbclient-4.10.16-9.amzn2.0.1.i686
libwbclient-devel-4.10.16-9.amzn2.0.1.i686
samba-python-4.10.16-9.amzn2.0.1.i686
samba-python-test-4.10.16-9.amzn2.0.1.i686
samba-test-4.10.16-9.amzn2.0.1.i686
samba-test-libs-4.10.16-9.amzn2.0.1.i686
samba-winbind-4.10.16-9.amzn2.0.1.i686
samba-winbind-clients-4.10.16-9.amzn2.0.1.i686
samba-winbind-krb5-locator-4.10.16-9.amzn2.0.1.i686
samba-winbind-modules-4.10.16-9.amzn2.0.1.i686
ctdb-4.10.16-9.amzn2.0.1.i686
ctdb-tests-4.10.16-9.amzn2.0.1.i686
samba-debuginfo-4.10.16-9.amzn2.0.1.i686
noarch:
samba-common-4.10.16-9.amzn2.0.1.noarch
samba-pidl-4.10.16-9.amzn2.0.1.noarch
src:
samba-4.10.16-9.amzn2.0.1.src
x86_64:
samba-4.10.16-9.amzn2.0.1.x86_64
samba-client-4.10.16-9.amzn2.0.1.x86_64
samba-client-libs-4.10.16-9.amzn2.0.1.x86_64
samba-common-libs-4.10.16-9.amzn2.0.1.x86_64
samba-common-tools-4.10.16-9.amzn2.0.1.x86_64
samba-dc-4.10.16-9.amzn2.0.1.x86_64
samba-dc-libs-4.10.16-9.amzn2.0.1.x86_64
samba-devel-4.10.16-9.amzn2.0.1.x86_64
samba-vfs-glusterfs-4.10.16-9.amzn2.0.1.x86_64
samba-krb5-printing-4.10.16-9.amzn2.0.1.x86_64
samba-libs-4.10.16-9.amzn2.0.1.x86_64
libsmbclient-4.10.16-9.amzn2.0.1.x86_64
libsmbclient-devel-4.10.16-9.amzn2.0.1.x86_64
libwbclient-4.10.16-9.amzn2.0.1.x86_64
libwbclient-devel-4.10.16-9.amzn2.0.1.x86_64
samba-python-4.10.16-9.amzn2.0.1.x86_64
samba-python-test-4.10.16-9.amzn2.0.1.x86_64
samba-test-4.10.16-9.amzn2.0.1.x86_64
samba-test-libs-4.10.16-9.amzn2.0.1.x86_64
samba-winbind-4.10.16-9.amzn2.0.1.x86_64
samba-winbind-clients-4.10.16-9.amzn2.0.1.x86_64
samba-winbind-krb5-locator-4.10.16-9.amzn2.0.1.x86_64
samba-winbind-modules-4.10.16-9.amzn2.0.1.x86_64
ctdb-4.10.16-9.amzn2.0.1.x86_64
ctdb-tests-4.10.16-9.amzn2.0.1.x86_64
samba-debuginfo-4.10.16-9.amzn2.0.1.x86_64
Red Hat: CVE-2020-14318, CVE-2020-14323, CVE-2020-1472
Mitre: CVE-2020-14318, CVE-2020-14323, CVE-2020-1472
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
8.3 High
AI Score
Confidence
Low
0.467 Medium
EPSS
Percentile
97.5%