First published: Wed Nov 03 2021
A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Samba Samba | >=3.0.0<4.13.14 | |
Samba Samba | >=4.14.0<4.14.10 | |
Samba Samba | >=4.15.0<4.15.2 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Redhat Codeready Linux Builder | | |
Redhat Gluster Storage | =3.0 | |
Redhat Gluster Storage | =3.5 | |
Redhat Openstack | =13 | |
Redhat Openstack | =16.1 | |
Redhat Openstack | =16.2 | |
Redhat Virtualization Host | =4.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Eus | =8.2 | |
Redhat Enterprise Linux Eus | =8.4 | |
Redhat Enterprise Linux For Ibm Z Systems | =7.0 | |
Redhat Enterprise Linux For Ibm Z Systems | =8.0 | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =8.2 | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =8.4 | |
Redhat Enterprise Linux For Power Big Endian | =7.0 | |
Redhat Enterprise Linux For Power Little Endian | =7.0 | |
Redhat Enterprise Linux For Power Little Endian | =8.0 | |
Redhat Enterprise Linux For Power Little Endian Eus | =8.2 | |
Redhat Enterprise Linux For Power Little Endian Eus | =8.4 | |
Redhat Enterprise Linux For Scientific Computing | =7.0 | |
Redhat Enterprise Linux Resilient Storage | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =8.2 | |
Redhat Enterprise Linux Server Aus | =8.4 | |
Redhat Enterprise Linux Server Tus | =8.4 | |
Redhat Enterprise Linux Server Update Services For Sap Solutions | =8.2 | |
Redhat Enterprise Linux Server Update Services For Sap Solutions | =8.4 | |
Redhat Enterprise Linux Tus | =8.2 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Canonical Ubuntu Linux | =21.04 | |
Canonical Ubuntu Linux | =21.10 | |
redhat/samba | <0:4.10.16-17.el7_9 | 0:4.10.16-17.el7_9 |
redhat/samba | <0:4.14.5-7.el8_5 | 0:4.14.5-7.el8_5 |
redhat/samba | <0:4.11.2-18.el8_2 | 0:4.11.2-18.el8_2 |
redhat/samba | <0:4.13.3-8.el8_4 | 0:4.13.3-8.el8_4 |
redhat/samba | <0:4.11.6-114.el7 | 0:4.11.6-114.el7 |
redhat/samba | <0:4.14.5-204.el8 | 0:4.14.5-204.el8 |
redhat/samba | <4.15.2 | 4.15.2 |
redhat/samba | <4.14.10 | 4.14.10 |
redhat/samba | <4.13.14 | 4.13.14 |
debian/samba | | 2:4.13.13+dfsg-1~deb11u6, 2:4.17.12+dfsg-0+deb12u1, 2:4.21.1+dfsg-2 |
Ensure the following [global] smb.conf parameters are set to their default values as shown below:

~~~
client lanman auth = no
client NTLMv2 auth = yes
client plaintext auth = no
client min protocol = SMB2_02
~~~

Or use the '-k' command line option only, without the -U option, which will make use of an existing krb5 ccache.
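As an added illustration (not part of the advisory or of Samba itself), the following Python check parses the [global] section of an smb.conf and reports any of the four parameters above that has been explicitly set to a weaker value. A parameter that is not set at all keeps Samba's default, which the advisory states is already the secure setting; the sample configuration and its values are constructed for the demo.

```python
REQUIRED = {                       # parameter -> secure (default) value
    "client lanman auth": "no",
    "client ntlmv2 auth": "yes",
    "client plaintext auth": "no",
    "client min protocol": "SMB2_02",
}
# SMB1-family dialects; any of these as the client minimum allows SMB1 fallback.
SMB1_DIALECTS = {"core", "coreplus", "lanman1", "lanman2", "nt1"}
BOOL_ALIASES = {"true": "yes", "1": "yes", "false": "no", "0": "no"}

# Constructed sample configuration, deliberately weakened for the demo.
WEAK_CONF = """\
[global]
   workgroup = EXAMPLE
   Client Min Protocol = NT1
   client plaintext auth = yes
   ; client lanman auth is not set here, so Samba's default (no) applies
"""

def parse_global(text):
    """Return the [global] section as {normalised parameter name: value}."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # smb.conf comment lines
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Samba ignores case and surrounding whitespace in parameter names.
            params[" ".join(name.lower().split())] = value.strip()
    return params

def check_smb_conf(text):
    """Return [(parameter, value)] for parameters explicitly set to a weak
    value. Unset parameters keep Samba's default, which is the secure one."""
    problems = []
    for name, got in parse_global(text).items():
        if name not in REQUIRED:
            continue
        if name == "client min protocol":
            weak = got.lower() in SMB1_DIALECTS
        else:
            weak = BOOL_ALIASES.get(got.lower(), got.lower()) != REQUIRED[name]
        if weak:
            problems.append((name, got))
    return problems
```

Running `check_smb_conf(WEAK_CONF)` flags the SMB1 minimum dialect and the plaintext-auth override, while a file with only stricter or unset values yields no findings.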