// For flags

CVE-2021-20254

samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token

Severity Score

6.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

Se encontró un fallo en samba. El servidor de archivos smbd de Samba debe asignar Windows group identities (SIDs) a unix group ids (gids). El código que lleva a cabo esto tenía un fallo que podría permitirle leer datos más allá del final de la matriz en el caso de que se hubiera agregado una entrada de caché negativa a la caché de mapeo. Esto podría causar que el código de llamada devuelva esos valores al token de proceso que almacena la pertenencia al grupo de un usuario. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-12-17 CVE Reserved
  • 2021-04-30 CVE Published
  • 2023-11-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
>= 3.6.0 < 4.12.15
Search vendor "Samba" for product "Samba" and version " >= 3.6.0 < 4.12.15"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
>= 4.13.0 < 4.13.8
Search vendor "Samba" for product "Samba" and version " >= 4.13.0 < 4.13.8"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
>= 4.14.0 < 4.14.4
Search vendor "Samba" for product "Samba" and version " >= 4.14.0 < 4.14.4"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
32
Search vendor "Fedoraproject" for product "Fedora" and version "32"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
33
Search vendor "Fedoraproject" for product "Fedora" and version "33"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected