Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0D4E3D956FBA167DB2FBE7EE5345BF4C81DCA6F2A7F3B02200A7942FAEDB8BA4
HistoryOct 14, 2021 - 4:55 p.m.

Security Bulletin: Multiple Samba vulnerability issues in IBM Storwize V7000 Unified

2021-10-1416:55:46
www.ibm.com
60
ibm storwize v7000 unified
samba
security vulnerabilities
remote access
denial of service
null pointer dereference
missing permissions check

EPSS

0.004

Percentile

74.4%

JSON

Summary

IBM Storwize V7000 Unified is shipped with Samba, for which a fix is available for security vulnerabilities.

Vulnerability Details

CVEID:CVE-2021-20254
**DESCRIPTION:**Samba could allow a remote authenticated attacker to bypass security restrictions, caused by a coding error when converting SIDs to gids. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause incorrect group entries in the Samba file server process token, and allows unauthorized access to files
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201081 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2020-14323
**DESCRIPTION:**Samba is vulnerable to a denial of service, caused by a NULL pointer dereference in the Winbind service. By sending a specially-crafted packet, a local authenticated attacker could exploit this vulnerability to crash the winbind service.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190934 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-14318
**DESCRIPTION:**Samba could allow a remote authenticated attacker to obtain sensitive information, caused by a missing permissions check on a directory handle requesting ChangeNotify. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain file name information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191029 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Storwize V7000 Unified 1.6.0.0 - 1.6.2.9

Remediation/Fixes

A fix for this issue is in version 1.6.2.10 of IBM Storwize V7000 Unified. Customers running an affected version of V7000 Unified should upgrade to 1.6.2.10 or a later version, so that the fix gets applied.

Latest Storwize V7000 Unified Software

Workarounds and Mitigations

None

Related

nessus 73
openvas 47
osv 9
ubuntu 3
redhat 8
ibm 5
fedora 5
centos 2
rocky 2
freebsd 2
f5 1
almalinux 2
oraclelinux 4
mageia 1
amazon 4
suse 2
altlinux 3
gentoo 1
alpinelinux 3
ubuntucve 2
samba 2
nvd 3
cisa 1
redhatcve 3
cvelist 1
cbl_mariner 2
prion 1
vulnrichment 2
veracode 2
debiancve 2
cve 1
nessus
nessus
RHEL 7 : samba (RHSA-2021:3723)
2021-10-05 00:00:00
SUSE SLES11 Security Update : samba (SUSE-SU-2020:14525-1)
2021-06-10 00:00:00
EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2491)
2020-12-01 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4931-1)
2022-08-26 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1229)
2021-02-05 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-2491)
2020-12-01 00:00:00
osv
osv
samba vulnerabilities
2021-05-03 20:44:00
samba vulnerabilities
2020-11-02 13:56:36
Moderate: samba security, bug fix, and enhancement update
2021-05-18 05:44:25
ubuntu
ubuntu
Samba vulnerabilities
2021-05-03 00:00:00
Samba vulnerabilities
2020-11-02 00:00:00
Samba vulnerability
2021-04-29 00:00:00
redhat
redhat
(RHSA-2021:3723) Moderate: samba security, bug fix and enhancement update
2021-10-05 04:55:51
(RHSA-2020:5439) Moderate: samba security and bug fix update
2020-12-15 09:01:31
(RHSA-2021:1647) Moderate: samba security, bug fix, and enhancement update
2021-05-18 05:44:25
ibm
ibm
Security Bulletin: Multiple vulnerabilities in samba affect IBM Spectrum Scale SMB protocol access method.
2021-01-25 05:03:53
Security Bulletin: Multiple vulnerabilities found in Spectrum Scale affect IBM Cloud Pak System
2021-05-19 17:27:44
Security Bulletin: Samba for IBM i is affected by CVE-2020-14323 and CVE-2020-14318
2020-11-11 20:50:06
fedora
fedora
[SECURITY] Fedora 32 Update: samba-4.12.10-0.fc32
2020-11-10 01:29:57
[SECURITY] Fedora 33 Update: samba-4.13.1-0.fc33
2020-11-03 01:01:17
[SECURITY] Fedora 33 Update: samba-4.13.8-0.fc33
2021-05-07 00:48:11
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2020-12-18 00:19:11
ctdb, libsmbclient, libwbclient, samba security update
2021-06-14 18:37:00
rocky
rocky
samba security, bug fix, and enhancement update
2021-05-18 05:44:25
samba security update
2021-11-02 07:48:59
freebsd
freebsd
samba -- Multiple Vulnerabilities
2020-10-29 00:00:00
samba -- negative idmap cache entries vulnerability
2021-04-29 00:00:00
f5
f5
K93951507 : Multiple Samba vulnerabilities
2021-04-06 00:00:00
almalinux
almalinux
Moderate: samba security, bug fix, and enhancement update
2021-05-18 05:44:25
Moderate: samba security update
2021-11-02 07:48:59
oraclelinux
oraclelinux
samba security and bug fix update
2020-12-16 00:00:00
samba security, bug fix, and enhancement update
2021-05-25 00:00:00
samba security and bug fix update
2021-06-09 00:00:00
mageia
mageia
Updated samba packages fix security vulnerabilities
2020-11-10 18:20:00
amazon
amazon
Critical: samba
2021-01-05 23:34:00
Critical: samba
2021-01-12 22:51:00
Critical: samba
2021-06-16 20:36:00
suse
suse
Security update for samba (important)
2020-11-02 00:00:00
Security update for samba (important)
2020-11-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.12.9-alt1
2020-10-29 00:00:00
Security fix for the ALT Linux 10 package samba version 4.14.4-alt1
2021-04-30 00:00:00
Security fix for the ALT Linux 10 package samba version 4.14.4-alt2
2021-05-06 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2020-12-24 00:00:00
alpinelinux
alpinelinux
CVE-2020-14323
2020-10-29 20:15:17
CVE-2020-14318
2020-12-03 16:15:12
CVE-2021-20254
2021-05-05 14:15:07
ubuntucve
ubuntucve
CVE-2020-14323
2020-10-29 00:00:00
CVE-2021-20254
2021-04-29 00:00:00
samba
samba
Unprivileged user can crash winbind
2020-10-29 00:00:00
Negative idmap cache entries can cause incorrect
2021-04-29 00:00:00
nvd
nvd
CVE-2020-14323
2020-10-29 20:15:17
CVE-2020-14318
2020-12-03 16:15:12
CVE-2021-20254
2021-05-05 14:15:07
cisa
cisa
Samba Releases Security Updates
2021-04-30 00:00:00
redhatcve
redhatcve
CVE-2020-14318
2020-10-29 11:29:24
CVE-2020-14323
2020-10-29 11:29:25
CVE-2021-20254
2021-04-29 10:18:51
cvelist
cvelist
CVE-2021-20254
2021-05-05 13:36:32
cbl_mariner
cbl_mariner
CVE-2021-20254 affecting package samba 4.12.5-6
2024-09-30 09:32:25
CVE-2020-14323 affecting package samba 4.12.5-6
2024-09-30 09:32:25
prion
prion
Design/Logic Flaw
2021-05-05 14:15:00
vulnrichment
vulnrichment
CVE-2020-14318
2020-12-03 00:00:00
CVE-2020-14323
2020-10-29 00:00:00
veracode
veracode
Information Disclosure
2020-11-09 05:13:20
Information Disclosure
2021-05-06 11:27:33
debiancve
debiancve
CVE-2020-14323
2020-10-29 20:15:17
CVE-2021-20254
2021-05-05 14:15:07
cve
cve
CVE-2020-14323
2020-10-29 20:15:17

EPSS

0.004

Percentile

74.4%

JSON
Related for 0D4E3D956FBA167DB2FBE7EE5345BF4C81DCA6F2A7F3B02200A7942FAEDB8BA4
nessus73openvas47osv9ubuntu3redhat8ibm5fedora5centos2rocky2freebsd2f51almalinux2oraclelinux4mageia1amazon4suse2altlinux3gentoo1alpinelinux3ubuntucve2samba2nvd3cisa1redhatcve3cvelist1cbl_mariner2prion1vulnrichment2veracode2debiancve2cve1