CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
74.4%
The Samba smbd file server must map Windows group identities (SIDs)
into unix group ids (gids). The code that performs this had a flaw
that could allow it to read data beyond the end of the array in the
case where a negative cache entry had been added to the mapping
cache. This could cause the calling code to return those values into
the process token that stores the group membership for a user.
Most commonly this flaw caused the calling code to crash, but an alert
user (Peter Eriksson, IT Department, Linkรถping University) found this
flaw by noticing an unprivileged user was able to delete a file within
a network share that they should have been disallowed access to.
Analysis of the code paths has not allowed us to discover a way for a
remote user to be able to trigger this flaw reproducibly or on demand,
but this CVE has been issued out of an abundance of caution.
Patches addressing this issue has been posted to:
https://www.samba.org/samba/security/
Additionally, Samba 4.14.4, 4.13.8 and 4.12.15 have been issued as
security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon as
possible.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N (6.8)
None.
Reported by Peter Eriksson, IT Department, Linkรถping University.
Volker Lendecke of SerNet and the Samba Team provided the fix.
Patches backported to supported Samba versions and run though the
Samba security process by Noel Power of SuSE and Andrew Bartlett of
Catalyst.
Advisory written by Jeremy Allison of Google.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
74.4%