DCE/RPC Vulnerability in Samba Affects User Credentials and Resource Sharing
CVE-2021-3738

8.8HIGH

Key Information:

Vendor: Samba
Status: Samba
Vendor: CVE Published:; 2 March 2022

What is CVE-2021-3738?

In DCE/RPC implementations within Samba, a vulnerability exists that allows handles (representative of resource state) to be improperly shared among multiple connections through 'association groups'. While the handling of the sam.ldb database was appropriately shared, the associated user credentials were not, leading to a scenario where a concluded connection could leave the database referencing an invalid session state. This flaw risks application crashes or, in dire circumstances, permits access to privileged states, thus compromising user credential integrity.

Affected Version(s)

samba Affects all versions since samba 4.0 | Fixedin samba v4.15.2, v4.14.10 and v4.13.14

References

https://www.samba.org/samba/security/CVE-2021-3738.html

https://bugzilla.samba.org/show_bug.cgi?id=14468

https://bugzilla.redhat.com/show_bug.cgi?id=2021726

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2022
Vulnerability Reserved
Aug 26, 2021