First published: Fri Oct 01 2021(Updated: )
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Samba Samba | <4.15.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Redhat Virtualization Host | =4.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Aus | =8.6 | |
Redhat Enterprise Linux Eus | =8.6 | |
Redhat Enterprise Linux Tus | =8.6 | |
redhat/samba | <4.15.0 | 4.15.0 |
redhat/samba | <0:4.15.5-5.el8 | 0:4.15.5-5.el8 |
redhat/samba | <0:4.15.5-100.el8 | 0:4.15.5-100.el8 |
debian/samba | <=2:4.9.5+dfsg-5+deb10u3<=2:4.9.5+dfsg-5+deb10u4<=2:4.13.13+dfsg-1~deb11u5 | 2:4.17.11+dfsg-0+deb12u1 2:4.17.12+dfsg-0+deb12u1 2:4.19.1+dfsg-4 2:4.19.2+dfsg-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-20316 is a vulnerability in Samba that allows an authenticated attacker to perform operations outside of a shared directory.
CVE-2021-20316 has a severity score of 6.8, which is considered medium.
Samba versions up to 4.15.0, Debian Linux 10.0 and 11.0, Redhat Virtualization Host 4.0, Redhat Enterprise Linux 8.0, 8.6, and samba package versions up to 2:4.13.13+dfsg-1~deb11u5 are affected by CVE-2021-20316.
To fix CVE-2021-20316, update to Samba version 4.15.0 or later, Debian Linux 10.0 or 11.0, Redhat Virtualization Host 4.0, or Redhat Enterprise Linux 8.0 or 8.6, and update the samba package to 2:4.17.9+dfsg-0+deb12u3, 2:4.17.10+dfsg-0+deb12u1, or 2:4.19.0+dfsg-1.
You can find more information about CVE-2021-20316 on the Red Hat Security Advisory and Samba bugzilla pages: https://access.redhat.com/security/cve/CVE-2021-20316, https://bugzilla.redhat.com/show_bug.cgi?id=2009673, https://bugzilla.samba.org/show_bug.cgi?id=14842.