CVE-2021-20316
Updated: 2022-06-10 11:36:38.058881
Description:
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker who has permission to read or modify share metadata to perform this operation outside of the share.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity
Version | Severity | Score |
---|---|---|
CVSS Version 2.x | NONE | 0 |
CVSS Version 3.x | MEDIUM | 5.9 |
Status
OS name | Project name | Version | Status | Errata | Last updated |
---|---|---|---|---|---|
CentOS 8.4 ELS | samba | 4.13.3-5 | Ignored | | 2022-06-10 11:36:38.10732 |
CentOS 8.5 ELS | samba | 4.14.5-7 | Ignored | | 2022-06-10 11:36:38.045747 |
Statement
It is impossible to backport security patches to Samba versions prior to 4.15.0. Fixing the vulnerability requires a massive rewrite of the project's internal code. Upgrading the package is not reasonable given the medium severity of the vulnerability. For more details, see this article about fixing Samba: https://lwn.net/Articles/884052/