CVE-2021-3671

Published: 12 October 2021

A NULL pointer dereference was found in the way the Samba Kerberos server handled a missing sname in a TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the Samba server.

Notes

Author: mdeslaur
Note: same as CVE-2021-37750 for MIT krb5

Priority

Low

Cvss 3 Severity Score

6.5

Status

Package Release Status
heimdal
Launchpad, Ubuntu, Debian
bionic: Released (7.5.0+dfsg-1ubuntu0.1)
focal: Released (7.7.0+dfsg-1ubuntu1.1)
hirsute: Ignored (end of life)
impish: Ignored (end of life)
jammy: Not vulnerable (7.7.0+dfsg-3ubuntu1)
kinetic: Not vulnerable (7.7.0+dfsg-3ubuntu1)
lunar: Not vulnerable (7.7.0+dfsg-3ubuntu1)
mantic: Not vulnerable (7.7.0+dfsg-3ubuntu1)
trusty: Released (1.6~git20131207+dfsg-1ubuntu1.2+esm1); available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream: Released (7.7.0+dfsg-3)
xenial: Released (1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1); available with Ubuntu Pro or Ubuntu Pro (Infra-only)
Patches:
upstream: https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
upstream: https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a

samba
Launchpad, Ubuntu, Debian
bionic: Released (2:4.7.6+dfsg~ubuntu-0ubuntu2.26)
focal: Released (2:4.13.14+dfsg-0ubuntu0.20.04.1)
hirsute: Released (2:4.13.14+dfsg-0ubuntu0.21.04.1)
impish: Released (2:4.13.14+dfsg-0ubuntu0.21.10.1)
jammy: Released (2:4.13.14+dfsg-0ubuntu1)
kinetic: Released (2:4.13.14+dfsg-0ubuntu1)
lunar: Released (2:4.13.14+dfsg-0ubuntu1)
mantic: Released (2:4.13.14+dfsg-0ubuntu1)
trusty: Needed
upstream: Released (4.13.13)
xenial: Needed
Patches:
upstream: https://gitlab.com/samba-team/samba/-/commit/0cb4b939f192376bf5e33637863a91a20f74c5a5

Severity score breakdown

Parameter: Value
Base score: 6.5
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity impact: None
Availability impact: High
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H