SB2022021902 - Amazon Linux AMI update for samba 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022021902

SB2022021902 - Amazon Linux AMI update for samba

Published: February 19, 2022 Updated: September 22, 2022

Security Bulletin ID SB2022021902
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2016-2124)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to SMB1 client connections can be downgraded to plaintext authentication. A remote attacker can perform a man-in-the-middle attack and downgrade a negotiated SMB1 client connection and its capabitilities.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-25717)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the Windows Active Directory (AD) domains have by default a feature to allow users to create computer accounts. A remote authenticated attacker can create such account with elevated privileges on the system.


3) Out-of-bounds read (CVE-ID: CVE-2021-20254)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when mapping Windows group identities (SIDs) into unix group identities (gids), which resulted into negative idmap cache entries created in the Samba server process token. An attacker who can manage to trigger the vulnerability can crash the Samba server or potentially perform unauthorized actions on the system.


4) Out-of-bounds write (CVE-ID: CVE-2021-44142)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module (vfs_fruit). A remote attacker with ability to write to file's extended attributes can trigger an out-of-bounds write and execute arbitrary code with root privileges.

Note, the vulnerability in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file.


Remediation

Install update from vendor's website.

References