Updated: 2023-03-10 12:28:07.061403
Description:
A flaw was found in Samba. The Samba smbd file server must map Windows group identities (SIDs) into Unix group IDs (gids). The code that performs this mapping had a flaw that could allow it to read data beyond the end of the array when a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
Links | NIST | CIRCL | RHEL | Ubuntu |
 | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 4.9 |
CVSS Version 3.x | MEDIUM | 6.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | samba | 3.6.23 | 6.8 | MEDIUM | Ignored | | 2021-11-20 06:42:49 |
CentOS 8.4 ELS | samba | 4.13.3-5 | 6.8 | MEDIUM | Not Vulnerable | | 2022-02-09 08:40:18 |
CentOS 8.5 ELS | samba | 4.14.5-7 | 6.8 | MEDIUM | Not Vulnerable | | 2022-02-09 08:40:18 |
CloudLinux 6 ELS | samba | 3.6.23 | 6.8 | MEDIUM | Ignored | | 2021-11-20 06:42:49 |
Oracle Linux 6 ELS | samba | 3.6.23 | 6.8 | MEDIUM | Ignored | | 2021-11-20 06:42:49 |
Ubuntu 16.04 ELS | samba | 4.3.11 | 6.8 | MEDIUM | Not Vulnerable | | 2021-12-22 03:55:05 |
Ubuntu 18.04 ELS | samba | 4.7.6 | 6.8 | MEDIUM | Ignored | | 2023-03-02 04:04:15 |