Samba has released a software update to fix a vulnerability (CVE-2021-20254) that could allow an attacker unauthorized access to files. A remote attacker could take advantage of this bug and exploit unpatched systems.
Samba software is used for file and print services for all clients using the SMB/CIFS protocol. Samba is used to seamlessly integrate Linux/Unix systems into Windows Active Directory environments.
The patch for CVE-2021-20254 addresses a coding error converting SIDs to gids, which could allow unexpected group entries in a process token. As a result, an attacker could gain unauthorized access to files.
Moreover, all versions of the Samba file server from Samba 3.6.0 onward are affected.
Samba administrators should update to Samba 4.14.4, 4.13.8 or 4.12.15.
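
A version check built from the release numbers above, as an added example that is not part of the original advisory or the Samba project's code. The function name `samba_cve_2021_20254_status` is hypothetical, and treating branches newer than 4.14 as fixed is an assumption the advisory does not state.

```shell
#!/bin/sh
# Added example, not from the Samba project: classify a Samba version string
# against the releases named in the advisory for CVE-2021-20254.
# Prints one of: affected | fixed | not-affected | unknown

samba_cve_2021_20254_status() (
    # Pull the first x.y.z triple out of strings like "Version 4.13.5-Ubuntu".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p')
    if [ -z "$ver" ]; then echo unknown; exit 0; fi

    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}

    # Older than 3.6.0: outside the affected range given in the advisory.
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 6 ]; }; then
        echo not-affected; exit 0
    fi
    # Assumption: branches newer than 4.14 already contain the fix.
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -gt 14 ]; }; then
        echo fixed; exit 0
    fi
    # 3.6.x through 4.11.x: affected, and the advisory names no fixed release.
    if [ "$major" -eq 3 ] || [ "$minor" -lt 12 ]; then
        echo affected; exit 0
    fi
    # 4.12, 4.13, 4.14: compare against that branch's first fixed patch level.
    case "$minor" in
        12) fixed_patch=15 ;;
        13) fixed_patch=8 ;;
        14) fixed_patch=4 ;;
    esac
    if [ "$patch" -ge "$fixed_patch" ]; then echo fixed; else echo affected; fi
)

# Check the local daemon when smbd is installed (prints "Version x.y.z...").
# Distribution packages may backport the fix without changing the upstream
# version number, so confirm an "affected" result against the vendor advisory.
if command -v smbd >/dev/null 2>&1; then
    samba_cve_2021_20254_status "$(smbd --version)"
fi
```
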