CVE-2021-3738
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access.
Timeline
- 2021-08-26 CVE Reserved
- 2021-11-11 CVE Published
- 2023-10-22 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
References (4)
URL | Tag | Date |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2021726 | Issue Tracking | |
https://bugzilla.samba.org/show_bug.cgi?id=14468 | | 2023-09-17 |
https://security.gentoo.org/glsa/202309-06 | | 2023-09-17 |
https://www.samba.org/samba/security/CVE-2021-3738.html | | 2023-09-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Samba | Samba | >= 4.0.0 < 4.13.14 | - | Affected |
Samba | Samba | >= 4.14.0 < 4.14.10 | - | Affected |
Samba | Samba | >= 4.15.0 < 4.15.2 | - | Affected |