Test ID:	1.3.6.1.4.1.25623.1.0.145916
Category:	Denial of Service
Title:	Samba 3.6.0 < 4.12.15, 4.13.0 < 4.13.8, 4.14.0 < 4.14.4 File Access Vulnerability
Summary:	Samba is prone to a unauthorized file access vulnerability.
Description:	Summary: Samba is prone to a unauthorized file access vulnerability. Vulnerability Insight: The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. Most commonly this flaw causes the calling code to crash, but it was found that an unprivileged user may be able to delete a file within a network share that they should have been disallowed access to. Affected Software/OS: Samba version 3.6.0 and later. Solution: Update to version 4.12.15, 4.13.8, 4.14.4 or later. CVSS Score: 4.9 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-20254 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/ https://security.gentoo.org/glsa/202105-22 https://security.netapp.com/advisory/ntap-20210430-0001/ https://bugzilla.redhat.com/show_bug.cgi?id=1949442 https://www.samba.org/samba/security/CVE-2021-20254.html https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.