What is the vulnerability ID of this security advisory?

The vulnerability ID of this security advisory is USN-5174-1.

What software is affected by this vulnerability?

The Samba software is affected by this vulnerability.

What is the severity of USN-5174-1?

The severity of USN-5174-1 is not specified in the provided information.

How can the vulnerability be exploited?

The vulnerability can be exploited by a remote attacker who can possibly downgrade connections to plaintext authentication.

Is there a fix available for this vulnerability?

Yes, a fix for this vulnerability is available. Please refer to the provided reference links for more information.

Vulnerability/
USN-5174-1

6/12/2021

USN-5174-1: Samba vulnerabilities

First published: Mon Dec 06 2021(Updated: )

Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. (CVE-2016-2124) Andrew Bartlett discovered that Samba incorrectly mapping domain users to local users. An authenticated attacker could possibly use this issue to become root on domain members. (CVE-2020-25717) Andrew Bartlett discovered that Samba did not properly check sensitive attributes. An authenticated attacker could possibly use this issue to escalate privileges. (CVE-2020-25722) Joseph Sutton discovered that Samba incorrectly handled certain TGS requests. An authenticated attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2021-3671) The fix for CVE-2020-25717 results in possible behaviour changes that could affect certain environments. Please see the upstream advisory for more information: https://www.samba.org/samba/security/CVE-2020-25717.html

Affected Software	Affected Version	How to fix
All of
ubuntu/samba	<2:4.7.6+dfsg~ubuntu-0ubuntu2.26	2:4.7.6+dfsg~ubuntu-0ubuntu2.26
	=18.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID of this security advisory?
The vulnerability ID of this security advisory is USN-5174-1.
What software is affected by this vulnerability?
The Samba software is affected by this vulnerability.
What is the severity of USN-5174-1?
The severity of USN-5174-1 is not specified in the provided information.
How can the vulnerability be exploited?
The vulnerability can be exploited by a remote attacker who can possibly downgrade connections to plaintext authentication.
Is there a fix available for this vulnerability?
Yes, a fix for this vulnerability is available. Please refer to the provided reference links for more information.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
anchor-related/USN-5142-1
anchor-related/USN-5675-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/18.04

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.