A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

🗓️ 15 Oct 2024 07:00:00Reported by MicrosoftType

Samba smbd flaw reads past array end with a negative cache entry, leaking group memberships.

Reporter	Title	Published	Views	Family All 195
IBM Security Bulletins	Security Bulletin: Multiple Samba vulnerability issues in IBM Storwize V7000 Unified	14 Oct 202116:55	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-20254)	6 Dec 202114:13	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Samba, OpenSSL, Python, and XStream affect IBM Spectrum Protect Plus (CVE-2021-20254, CVE-2021-3712, CVE-2021-43859, CVE-2022-0778, CVE-2020-25717, CVE-2021-23192, CVE-2021-3733)	30 Jun 202203:51	–	ibm
IBM Security Bulletins	Security Bulletin: Samba for IBM i is affected by CVE-2021-20254	13 May 202114:26	–	ibm
FreeBSD	samba -- negative idmap cache entries vulnerability	29 Apr 202100:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : samba (ALAS-2021-1680)	1 Jul 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : samba (ALAS-2022-1564)	19 Feb 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0077: samba (ALINUX3-SA-2021:0077)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : samba (ALSA-2021:4058)	9 Feb 202200:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: samba (CVE-2021-20254)	22 Jan 202600:00	–	nessus