CVE-2021-3671

Published: 12 October 2021

A null pointer dereference was found in the way the Samba Kerberos server handled a missing sname in a TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the Samba server.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
heimdal
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Needed

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needed

Patches:
Upstream: https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
Upstream: https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a
samba
Launchpad, Ubuntu, Debian
Upstream Released (4.13.13)

Ubuntu 21.10 (Impish Indri) Released (2:4.13.14+dfsg-0ubuntu0.21.10.1)

Ubuntu 21.04 (Hirsute Hippo) Released (2:4.13.14+dfsg-0ubuntu0.21.04.1)

Ubuntu 20.04 LTS (Focal Fossa) Released (2:4.13.14+dfsg-0ubuntu0.20.04.1)

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needed

Patches:
Upstream: https://gitlab.com/samba-team/samba/-/commit/0cb4b939f192376bf5e33637863a91a20f74c5a5