SAMBA:CVE-2020-14323
Oct 29, 2020 - 12:00 a.m.

Unprivileged user can crash winbind

2020-10-29 00:00:00
Samba Security
www.samba.org
CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 2.1 Low

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 24.1%

Description

winbind in version 3.6 and later implements a request to
translate multiple Windows SIDs into names in one request. This
was done for performance reasons: Active Directory domain
controllers can do multiple SID to name translations in one RPC
call. It was an obvious extension to also offer this batch
operation on the winbind unix domain stream socket that is
available to local processes on the Samba server to reduce
network round-trips to the domain controller.

Due to improper input validation a hand-crafted packet can make
winbind perform a NULL pointer dereference and thus crash.

Patch Availability

Patches addressing both these issues have been posted to:

https://www.samba.org/samba/security/

Additionally, Samba 4.11.15, 4.12.9 and 4.13.1 have been issued as
security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon as
possible.
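
As an added example (not part of the Samba advisory or the Samba code base), the shell function below classifies a version string against the affected range and the security releases listed above. The function name and status words are hypothetical, and treating branches newer than 4.13 as fixed is an assumption, since the advisory does not list them.

```shell
#!/bin/sh
# Added example: classify a Samba version against the advisory's release list.
# Prints not-affected | fixed | needs-fix | unknown. A version string cannot
# see distribution backports, so "needs-fix" means "check for the patch".
samba_cve_2020_14323_status() {
    ver=${1#Version }            # accept the "Version 4.12.8" form as well
    ver=${ver%%[!0-9.]*}         # drop vendor suffixes such as "-Debian"
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    major=${1:-}; minor=${2:-}; patch=${3:-0}
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 2 ;; esac
    done
    # The batch SID-to-name request exists in winbind 3.6 and later only.
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 6 ]; }; then
        echo not-affected; return 0
    fi
    fixed=
    if [ "$major" -eq 4 ]; then
        case $minor in           # security releases named in the advisory
            11) fixed=15 ;;
            12) fixed=9 ;;
            13) fixed=1 ;;
        esac
    fi
    if [ -n "$fixed" ]; then
        if [ "$patch" -ge "$fixed" ]; then echo fixed; return 0; fi
        echo needs-fix; return 1
    fi
    # Assumption: branches newer than 4.13 were cut after the fix landed.
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -gt 13 ]; }; then
        echo fixed; return 0
    fi
    echo needs-fix; return 1     # 3.6 up to 4.10: no release listed, patch only
}

# Constructed sample versions, not taken from any real host.
for v in 3.5.22 4.9.5 4.11.14 "Version 4.12.9-Debian" 4.13.1; do
    printf '%-24s %s\n' "$v" "$(samba_cve_2020_14323_status "$v")"
done
```

On a host, pass it the output of `smbd --version`, and confirm any `needs-fix` result against the distribution's changelog before acting on it.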

CVSSv3 calculation

CVSS 3.1: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H (5.0)

Workaround and mitigating factors

Any user with local shell access to the machine running winbind can
issue the winbind socket request. The only workaround is to disable
shell access to exposed machines.

Typical file servers don’t offer full local access, so they are not
affected.

Credits

Originally reported by Bas Alberts of the GitHub Security Lab Team as
GHSL-2020-134.

Advisory written by Volker Lendecke of SerNet and the Samba Team.

Patches provided by Volker Lendecke of SerNet and the Samba Team.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
