CVE-2021-20254
First published: Wed Apr 14 2021(Updated: )
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba Samba | >=3.6.0<4.12.15 | |
| Samba Samba | >=4.13.0<4.13.8 | |
| Samba Samba | >=4.14.0<4.14.4 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| redhat/samba | <4.14.4 | 4.14.4 |
| redhat/samba | <4.13.8 | 4.13.8 |
| redhat/samba | <4.12.15 | 4.12.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1949442
- https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/
- https://security.gentoo.org/glsa/202105-22
- https://security.netapp.com/advisory/ntap-20210430-0001/
- https://www.samba.org/samba/security/CVE-2021-20254.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1955027
- https://access.redhat.com/errata/RHSA-2021:2313
- https://access.redhat.com/security/cve/cve-2021-20254
- https://access.redhat.com/errata/RHSA-2021:3723
- https://access.redhat.com/errata/RHSA-2021:3724
- https://access.redhat.com/errata/RHSA-2021:3988
- https://access.redhat.com/errata/RHSA-2021:4058
- https://access.redhat.com/errata/RHSA-2021:4866
Frequently Asked Questions
What is CVE-2021-20254?
CVE-2021-20254 is a vulnerability found in Samba that allows the smbd file server to read data beyond the end of the array in the case of a negative cache entry.
What is the severity of CVE-2021-20254?
The severity of CVE-2021-20254 is medium, with a CVSS score of 6.8.
Which software versions are affected by CVE-2021-20254?
Samba versions 3.6.0 to 4.12.15, 4.13.0 to 4.13.8, and 4.14.0 to 4.14.4 are affected by CVE-2021-20254.
How can I fix CVE-2021-20254?
To fix CVE-2021-20254, update Samba to version 4.14.4, 4.13.8, or 4.12.15, depending on the version you are using.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-20254?
The CWE ID for CVE-2021-20254 is 125.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-20254
- agent/software-canonical-lookup
- vendor/samba
- canonical/samba samba
- version/samba samba/3.6.0
- version/samba samba/4.13.0
- version/samba samba/4.14.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- package-manager/redhat