CVE-2020-14318
First published: Thu Oct 29 2020(Updated: )
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/samba | <4.11.15 | 4.11.15 |
| redhat/samba | <4.12.9 | 4.12.9 |
| redhat/samba | <4.13.1 | 4.13.1 |
| Samba | >=3.6.0<4.11.15 | |
| Samba | >=4.12.0<4.12.9 | |
| Samba | >=4.13.0<4.13.1 | |
| Red Hat Storage | =3.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1892631
- https://security.gentoo.org/glsa/202012-24
- https://www.samba.org/samba/security/CVE-2020-14318.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1892634
- https://git.samba.org/?p=samba.git;a=commit;h=22528b76ed6eb6251fdf01875aaa955480e7663d
- https://git.samba.org/?p=samba.git;a=commit;h=5dd4c789c13035b805fdd2c3a9c38721657b05b3
- https://git.samba.org/?p=samba.git;a=commit;h=f100bd2f2e4f047942002a992c99104227a17f81
- https://git.samba.org/?p=samba.git;a=commit;h=f43ecce46a89c6380317fbb5f2ae38f48d3d42c8
- https://git.samba.org/?p=samba.git;a=commit;h=a5da8919303ea99937c0d3b536f964b7f1addda7
- https://git.samba.org/?p=samba.git;a=commit;h=c300a85848350635e7ddd8129b31c4d439dc0f8a
- https://access.redhat.com/errata/RHSA-2020:5439
- https://access.redhat.com/security/cve/cve-2020-14318
- https://access.redhat.com/errata/RHSA-2021:1647
- https://access.redhat.com/errata/RHSA-2021:3723
- https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
Frequently Asked Questions
What is the severity of CVE-2020-14318?
CVE-2020-14318 has a medium severity level due to its potential for unauthorized access to file and directory information by authenticated users.
How do I fix CVE-2020-14318?
To fix CVE-2020-14318, upgrade Samba to versions 4.11.15, 4.12.9, or 4.13.1 as applicable.
What systems are affected by CVE-2020-14318?
CVE-2020-14318 affects various versions of Samba and Red Hat Enterprise Linux, particularly those prior to specified fixed versions.
What is the nature of the vulnerability in CVE-2020-14318?
CVE-2020-14318 is a permission-related vulnerability that allows authenticated users to access restricted file and directory information.
Can CVE-2020-14318 be exploited remotely?
CVE-2020-14318 requires authentication, meaning that exploitation is limited to users who have already obtained access to the system.
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14318
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/samba
- canonical/samba
- version/samba/3.6.0
- version/samba/4.12.0
- version/samba/4.13.0
- vendor/redhat
- canonical/red hat storage
- version/red hat storage/3.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0