Samba releases patches for 8 vulnerabilities

Samba has released software updates that fix 8 vulnerabilities across multiple Samba software products.

The impact ranges from credential exposure (SMB1 client connections downgraded to plaintext authentication) to an authenticated user in an Active Directory domain becoming root on a Samba domain member. Several of the issues are in the Samba AD domain controller's Kerberos and DCE/RPC handling and can be reached by a remote attacker.

Samba provides file and print services to clients that speak the SMB/CIFS protocol, and it lets Linux/Unix systems integrate into Windows Active Directory environments, either as domain members or as domain controllers.

The 8 patched vulnerabilities are summarized below:

  • CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication.
  • CVE-2020-25717: A user in an AD Domain could become root on domain members.
  • CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC.
  • CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets.
  • CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (e.g. objectSid).
  • CVE-2020-25722: Samba AD DC did not do sufficient access and conformance checking of data stored.
  • CVE-2021-3738: Use after free in Samba AD DC RPC server.
  • CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
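As an added example (not part of this article or of the Samba project), the check a practitioner wants after an advisory like this: parse the version string that `smbd --version` prints and decide whether the installed build is older than the fixed release. The fixed release numbers are not stated on this page, so the script takes them as an argument rather than hard-coding them; the sample version strings in the comments are constructed.

```sh
#!/bin/sh
# Added example, not Samba's own tooling. Compares an installed Samba version
# against a fixed release passed in by the caller (the fixed release numbers
# for this advisory are an input, not something this script knows).

# Pull the dotted version out of an "smbd --version" style line.
# Constructed sample: "Version 4.13.5-Debian" -> "4.13.5"
samba_version_number() {
    printf '%s\n' "$1" | sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p'
}

# True (exit 0) when dotted version $1 is older than dotted version $2.
# Compares major.minor.patch numerically; missing components count as 0.
version_lt() {
    v1=$1
    v2=$2
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s' "$v1" | cut -d. -f"$i")
        b=$(printf '%s' "$v2" | cut -d. -f"$i")
        a=${a:-0}
        b=${b:-0}
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# Exit 0 if the build described by $1 (raw "smbd --version" output) is older
# than the fixed release $2 of the same minor series, 1 if it is not,
# 2 if the version string cannot be parsed.
samba_needs_update() {
    installed=$(samba_version_number "$1")
    [ -n "$installed" ] || return 2
    version_lt "$installed" "$2"
}

# Stand-alone use: ./check.sh <fixed-release>, queries the local smbd if any.
if [ -n "$1" ] && command -v smbd >/dev/null 2>&1; then
    if samba_needs_update "$(smbd --version)" "$1"; then
        echo "update needed"
    else
        echo "ok"
    fi
fi
```

Compare against the fixed release of the same minor series you run (a 4.13.x host against the 4.13 fix, and so on); comparing across series would report an older supported branch as "needs update" even when it carries the backported fix.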