CVE-2021-20254

Publication date 29 April 2021

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

6.8 · Medium

Score breakdown

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

Read the notes from the security team

Status

Package Ubuntu Release Status
samba 21.04 hirsute
Fixed 2:4.13.3+dfsg-1ubuntu2.1
20.10 groovy
Fixed 2:4.12.5+dfsg-3ubuntu4.3
20.04 LTS focal
Fixed 2:4.11.6+dfsg-0ubuntu1.8
18.04 LTS bionic
Fixed 2:4.7.6+dfsg~ubuntu-0ubuntu2.23
16.04 LTS xenial
Fixed 2:4.3.11+dfsg-0ubuntu0.16.04.34
14.04 LTS trusty

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes


mdeslaur

3.6 and higher

Severity score breakdown

Parameter Value
Base score 6.8 · Medium
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact None
Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

References

Related Ubuntu Security Notices (USN)

Other references