Lucene search

K
redhatRedHatRHSA-2020:5439
HistoryDec 15, 2020 - 9:01 a.m.

(RHSA-2020:5439) Moderate: samba security and bug fix update

2020-12-1509:01:31
access.redhat.com
383

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.322 Low

EPSS

Percentile

96.9%

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

  • samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)

  • samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)

  • samba: Unprivileged user can crash winbind (CVE-2020-14323)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • The ‘require_membership_of’ documentation in pam_winbind manpage is incorrect (BZ#1853272)

  • Malfunctioning %U substitution in valid users option (BZ#1868917)

  • Regression: smbd and nmbd are restarted when samba-winbind package is upgraded (BZ#1878205)

  • winbindd memory leak on wbinfo -u with security=ADS (BZ#1892313)

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.322 Low

EPSS

Percentile

96.9%