CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
61.7%
In DCE/RPC it is possible to share the handles (cookies for resource
state) between multiple connections via a mechanism called
‘association groups’. These handles can reference connections to our
sam.ldb database. However while the database was correctly shared, the
user credentials state was only pointed at, and when one connection
within that association group ended, the database would be left
pointing at an invalid ‘struct session_info’.
The most likely outcome here is a crash, but it is possible that the
use-after-free could instead allow different user state to be pointed
at and this might allow more privileged access.
Patches addressing both these issues have been posted to:
https://www.samba.org/samba/security/
Additionally, Samba 4.15.2, 4.14.10 and 4.13.14 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.
CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H (7.6)
None.
Originally reported by William Ross, City West Country Ltd.
Patches provided by Stefan Metzmacher of SerNet and the Samba Team.
Advisory and backport by Andrew Bartlett of Catalyst and the Samba
Team.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
61.7%