Advisory ROSA-SA-2021-1967

2021-07-02 18:07:38
ROSA LAB
abf.rosalinux.ru

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.8 High
Confidence: High

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.451 Medium
Percentile: 97.4%

Software: samba 4.10.16
OS: Cobalt 7.9

CVE-ID: CVE-2020-10745
CVE-Crit: HIGH
CVE-DESC: In all versions of Samba prior to 4.10.17, prior to 4.11.11, and prior to 4.12.4, a flaw has been discovered in the way NetBIOS over TCP/IP is handled. This flaw allows a remote attacker to cause excessive CPU utilization by the Samba server, resulting in a denial of service. The biggest threat from this vulnerability is to system availability.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-10760
CVE-Crit: MEDIUM
CVE-DESC: A use-after-free flaw was detected in all versions of the Samba LDAP server prior to 4.10.17, prior to 4.11.11, and prior to 4.12.4 when used in the AD DC configuration. A Samba LDAP user could exploit this vulnerability to crash Samba.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-10730
CVE-Crit: MEDIUM
CVE-DESC: A NULL pointer dereference, or possible use-after-free, was found in the Samba AD LDAP server in versions prior to 4.10.17, prior to 4.11.11, and prior to 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the vulnerable code is shipped with the libldb package. This flaw allows an authenticated user to trigger a use-after-free or a NULL pointer dereference. The biggest threat from this vulnerability is to system availability.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-14303
CVE-Crit: HIGH
CVE-DESC: A bug was detected in the AD DC NBT server in all versions of Samba before 4.10.17, before 4.11.11, and before 4.12.4. A Samba user can send an empty UDP packet to cause the Samba server to crash.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-14318
CVE-Crit: MEDIUM
CVE-DESC: A bug has been discovered in the way Samba handles file and directory permissions. An authenticated user could exploit this vulnerability to gain access to certain file and directory information that would otherwise be inaccessible to the attacker.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-14383
CVE-Crit: MEDIUM
CVE-DESC: An error has been detected in the Samba DNS server. An authenticated user can use this flaw to crash the RPC server. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but an unprivileged authenticated attacker could bring it down again as soon as it returns. The Samba DNS server itself will continue to run, but many RPC services will not.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-1472
CVE-Crit: CRITICAL
CVE-DESC: A privilege escalation vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC), also known as the “Netlogon Elevation of Privilege Vulnerability”.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2021-20208
CVE-Crit: MEDIUM
CVE-DESC: A bug was found in cifs-utils in versions before 6.13. A user mounting a krb5 CIFS file system from within a container can use the host's Kerberos credentials. The biggest threat from this vulnerability is to data confidentiality and integrity.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2021-20254
CVE-Crit: HIGH
CVE-DESC: An error has been detected in Samba. The Samba smbd file server should map Windows group identifiers (SIDs) to Unix group identifiers (gids). The code performing this mapping had a flaw that could allow it to read data beyond the end of the array when a negative cache entry was added to the mapping cache. This could cause the calling code to return these values into the process token that stores the group membership for the user. The biggest threat from this vulnerability is to data confidentiality and integrity.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-20277
CVE-Crit: HIGH
CVE-DESC: An error was detected in Samba's libldb. Multiple consecutive leading spaces in an LDAP attribute could result in an out-of-bounds memory write, causing the LDAP server process handling the request to crash. The biggest threat from this vulnerability is to system availability.
CVE-STATUS: default
CVE-REV: Default

OS      Version  Architecture  Package  Version    Filename
Cobalt  any      noarch        samba    < 4.10.16  UNKNOWN
