#VU57324 NULL pointer dereference in Samba - CVE-2021-3671


Vulnerability identifier: #VU57324

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-3671

CWE-ID: CWE-476

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the way samba kerberos server handles missing sname attribute in TGS-REQ (Ticket Granting Server - Request). A remote authenticated user can send a specially crafted request to the samba server and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Samba: 4.13.0 - 4.14.7

External links
https://bugzilla.samba.org/show_bug.cgi?id=14770
https://bugzilla.redhat.com/show_bug.cgi?id=2013080
https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Debian update for heimdal
Fedora 36 update for heimdal
Fedora 35 update for heimdal
Fedora 37 update for heimdal
Fedora EPEL 7 update for heimdal
Fedora EPEL 8 update for heimdal
Fedora 35 update for heimdal
Fedora 36 update for heimdal
Fedora 37 update for heimdal
FreeBSD update for heimdal