ID de Prueba:	1.3.6.1.4.1.25623.1.0.145916
Categoría:	Denial of Service
Título:	Samba 3.6.0 < 4.12.15, 4.13.0 < 4.13.8, 4.14.0 < 4.14.4 File Access Vulnerability
Resumen:	Samba is prone to a unauthorized file access vulnerability.
Descripción:	Summary: Samba is prone to a unauthorized file access vulnerability. Vulnerability Insight: The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. Most commonly this flaw causes the calling code to crash, but it was found that an unprivileged user may be able to delete a file within a network share that they should have been disallowed access to. Affected Software/OS: Samba version 3.6.0 and later. Solution: Update to version 4.12.15, 4.13.8, 4.14.4 or later. CVSS Score: 4.9 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-20254 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/ https://security.gentoo.org/glsa/202105-22 https://security.netapp.com/advisory/ntap-20210430-0001/ https://bugzilla.redhat.com/show_bug.cgi?id=1949442 https://www.samba.org/samba/security/CVE-2021-20254.html https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.